From: Arran Cudbard-Bell Date: Mon, 21 Jan 2013 19:35:07 +0000 (+0000) Subject: Remove dialup admin X-Git-Tag: release_3_0_0_beta1~1296 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e07c4ac77e52409f5ea010c2bdcccfc46666a150;p=thirdparty%2Ffreeradius-server.git Remove dialup admin --- diff --git a/debian/apache2.conf b/debian/apache2.conf deleted file mode 100644 index 5f3480f1f37..00000000000 --- a/debian/apache2.conf +++ /dev/null @@ -1,36 +0,0 @@ -Alias /freeradius-dialupadmin /usr/share/freeradius-dialupadmin/htdocs - - - Options Indexes FollowSymLinks - - - php_flag register_globals off - - - php_flag register_globals off - - - - -# You may prefer a simple URL like http://dialupadmin.example.com -# -# DocumentRoot /usr/share/freeradius-dialupadmin/htdocs -# ServerName dialupadmin.example.com -# - -# redirect to https when available -# -# Note: There are multiple ways to do this, and which one is suitable for -# your site's configuration depends. Consult the apache documentation if -# you're unsure, as this example might not work everywhere. -# -# -# -# -# RewriteEngine on -# RewriteCond %{HTTPS} !^on$ [NC] -# RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L] -# -# -# - diff --git a/debian/control b/debian/control index 215263965c1..fde8d7852a3 100644 --- a/debian/control +++ b/debian/control @@ -124,14 +124,6 @@ Description: iODBC module for FreeRADIUS server The FreeRADIUS server can use iODBC to access databases to authenticate users and do accounting, and this module is necessary for that. -Package: freeradius-dialupadmin -Architecture: all -Depends: php5 | libapache2-mod-php5 | php5-cgi, apache2-mpm-prefork | httpd, ${perl:Depends} -Suggests: php5-mysql | php5-pgsql, php5-ldap, libdate-manip-perl -Description: set of PHP scripts for administering a FreeRADIUS server - These scripts provide a web-based interface for administering a FreeRADIUS - server which stores authentication information in either SQL or LDAP. - Package: freeradius-dbg Architecture: any Section: debug diff --git a/debian/freeradius-dialupadmin.README.Debian b/debian/freeradius-dialupadmin.README.Debian deleted file mode 100644 index d175c6ecded..00000000000 --- a/debian/freeradius-dialupadmin.README.Debian +++ /dev/null @@ -1,13 +0,0 @@ -Dialup Admin Debian README -Configuration is in /etc/freeradius-dialupadmin/ -which is linked into the dialupadmin tree in -/usr/share/freeradius-dialupadmin. - -To put this into production, add -Include /etc/freeradius-dialupadmin/apache2.conf - -To the relevant section of your apache configuration. - -The scripts make use of .. to access the -other paths, so symlinking into your webtree -may not work. diff --git a/debian/freeradius-dialupadmin.dirs b/debian/freeradius-dialupadmin.dirs deleted file mode 100644 index 811a901ebfb..00000000000 --- a/debian/freeradius-dialupadmin.dirs +++ /dev/null @@ -1,2 +0,0 @@ -etc/freeradius-dialupadmin/ -usr/share/freeradius-dialupadmin/ diff --git a/debian/freeradius-dialupadmin.docs b/debian/freeradius-dialupadmin.docs deleted file mode 100644 index 91b3a4f1ce5..00000000000 --- a/debian/freeradius-dialupadmin.docs +++ /dev/null @@ -1,5 +0,0 @@ -dialup_admin/doc/AUTHORS -dialup_admin/doc/FAQ -dialup_admin/doc/HELP_WANTED -dialup_admin/doc/HOWTO -dialup_admin/doc/TODO diff --git a/debian/freeradius-dialupadmin.examples b/debian/freeradius-dialupadmin.examples deleted file mode 100644 index 5c627ca4fcf..00000000000 --- a/debian/freeradius-dialupadmin.examples +++ /dev/null @@ -1 +0,0 @@ -dialup_admin/bin/dialup_admin.cron diff --git a/debian/freeradius-dialupadmin.install b/debian/freeradius-dialupadmin.install deleted file mode 100644 index e2de84baa09..00000000000 --- a/debian/freeradius-dialupadmin.install +++ /dev/null @@ -1,3 +0,0 @@ -etc/freeradius-dialupadmin -usr/share/doc/freeradius-dialupadmin -usr/share/freeradius-dialupadmin diff --git a/debian/freeradius-dialupadmin.links b/debian/freeradius-dialupadmin.links deleted file mode 100644 index 8c2e29ef092..00000000000 --- a/debian/freeradius-dialupadmin.links +++ /dev/null @@ -1 +0,0 @@ -etc/freeradius-dialupadmin/ usr/share/freeradius-dialupadmin/conf diff --git a/debian/rules b/debian/rules index 97370a5130a..6894ca41aac 100755 --- a/debian/rules +++ b/debian/rules @@ -127,26 +127,7 @@ ifeq (config.guess.dist,$(wildcard config.guess.dist)) endif dh_clean -install: install-indep install-arch -install-indep: build-indep-stamp - dh_testdir - dh_testroot - dh_installdirs -i - - $(MAKE) -C dialup_admin DIALUP_PREFIX=/usr/share/freeradius-dialupadmin \ - DIALUP_DOCDIR=/usr/share/doc/freeradius-dialupadmin \ - DIALUP_CONFDIR=/etc/freeradius-dialupadmin \ - R=$(freeradius_dir) install - - mv $(freeradius_dir)/usr/share/freeradius-dialupadmin/bin/dialup_admin.cron \ - $(freeradius_dir)/usr/share/freeradius-dialupadmin/bin/freeradius-dialupadmin.cron - mv $(freeradius_dir)/usr/share/doc/freeradius-dialupadmin/Changelog \ - $(freeradius_dir)/usr/share/doc/freeradius-dialupadmin/changelog - - install -m0644 debian/apache2.conf $(freeradius_dir)/etc/freeradius-dialupadmin/ - - dh_install -i --sourcedir=$(freeradius_dir) - dh_installdocs -p freeradius-dialupadmin dialup_admin/README +install: install-arch install-arch: build-arch-stamp dh_testdir diff --git a/dialup_admin/Changelog b/dialup_admin/Changelog deleted file mode 100644 index 6c4534f3d90..00000000000 --- a/dialup_admin/Changelog +++ /dev/null @@ -1,633 +0,0 @@ -Ver X.XX: -* add comparison operators "!=" and "not like" to Accounting -* replace ereg -> preg_match, ereg_replace -> preg_replace, split -> preg_split for PHP5.3 compatibility -* fix LIMIT not working when using MySQL -* add configuration item "timezone" to make PHP 5.1+ happy -Ver 1.80: -* Remove snmp_clearsession. It is replaced by clearsession which supports both snmp and telnet - methods of removing a user from an access server. Add corresponding configuration directives - general_sessionclear_method and nasXX_sessionclear_method -* Create a new function da_sql_limit() and use that to pass LIMIT arguments to the database layer - since the syntax is different between db vendors -* Rename the badusers date field to incidentdate to avoid reserved words in databases. Bug found by - Peter Nixon -* Count online users correctly (through a separate query) in user_finger. -* Use the correct max results variable in lib/*/find.php3 -* In time2strclock also show days if applicable -* In lib/sql/attrmap.php3, only register variables once. Go through $show_attrs and set default attribute - mappings for any attribute that a mapping does not exist. -* Change the order of OID's used in snmpfinger for cisco NASes -Ver 1.78: -* Add a snmp_clearsession which can disconnect a user by using the Cisco AAA Session MIB -* Add a configuration directive general_sessionclear_bin -* Add a session disconnect button in the 'clear open sessions' page -* Also clear sessions from the sql extra servers in the 'clear open sessions' page -* In bin/snmpfinger also accept @,. in the username -* If we are stripping realms, then if needed strip them from the data returned by snmpfinger in - user_finger.php3 -* Add a header with the page encoding before sending any page (header added in config.php3) - This closes Bug #153 -* Fix a problem when reading username.mappings -* If date calculation fails, abort -* Add a backup_radacct script -* Add an sqlrelay functions file. The user_admin page does not currently work. Looking into it. -* Add sqlrelay support in the scripts. Add a sqlrelay_query script to run sqlrelay commands -* Update password_check to work with all password attributes and use the configuration directives -* Add more documentation for per user counter limit attributes (daily/weekly/monthly limits) -* Make all counter limits default to none so that people don't get confused -* In clear_opensessions depending on sql type use either IS NULL or = 0 in the DELETE statement. - We need to find a cleaner solution to this. This closes bug#175 -* Log somewhat more verbose error messages when the sql_command binary is not found in the bin scripts -* Make nasXX_finger_type actually work since the place where nas information was stored was changed a - long time ago. Bug noted by Nick Bright -* In user_finger only set LD_LIBRARY_PATH once, not each time we call snmpfinger -* Add support for usrhiper in snmpfinger. Patch from Nick Bright -* urlencode() all occurrences of the $login variable when used in url's. Bug noted by Dag Landau -* Show the correct nas type in nas_admin. Bug noted by Nick Bright -* Correctly calculate the nas ip in lib/sql/nas_list.php3. Add a check_ip() function in lib/functions.php3 - Bug noted by Nick Bright -* Correctly check nas validity in nas_admin.php3. Bug noted by Nick Bright -* Don't use $num in stats.php3, change it to $stats_num -Ver 1.75: -* A LOT of security related fixes. Now dialupadmin should hopefully be secure enough to - be accessed by normal users (not administrators). -* Move a few elements in the CSS file from the body tag. Suggestion by Gary McKinney -* Update FAQ about using php with no sql support. -* Allow the user to select between viewing FAQ,HOWTO or README in the help page. -* Use $_SERVER instead of $HTTP_SERVER_VARS -* Add a drop down menu with existing groups in group_new.php3 -* Check for sql in show_groups.php3 -* In lib/sql/group_info.php3 if $login is not set, find available groups and place them in - $existing_groups along with a count of users per group. Use the functionality in group_new.php3 - and show_groups.php3 -* Update TODO -* Add the style sheet in the content.html -* Enlarge the width for the left frame -* Make show_groups and the drop down menu in group_new work -* Use lower cased row names in badusers page -* Wrong foreach in show_groups and group_new. -* Fix operator escaping in lib/sql/change_attrs.php3 -* In user_state also take into account any open sessions when calculating daily/weekly usage. - Add two more lines in the output stating the number of current open sessions and the time used. -* Move a few header() calls after including config.php3 so that we have access to the relevant - variables. -* Make pagesize 'all' work again. Bug found by apellido jr., wilfredo p. -* Make 'Add NAS' function in the nas admin page more easily accessible -* Fix a small bug in user_admin.php3 found by Joerg Staedele -* Fix a small typo in the userinfo mysql schema. Found by Evert Meulie -* Fix bug #136, bugs found by Pawel Foremski -* Small type in login_time_create, close bug #141 -* In config.php3 remove whitespaces from $login. Don't remove '-' -* Add lib/sql/group_change.php3 to add and delete a user from groups -* Add a new directive sql_show_all_groups. If set to true then in user edit page we show all available - groups with the ones the user is a member of highlighted. The administrator can then directly - change user group membership by changing membership in this group list. -* On group creation, if member list is empty report that, not that the group was created. -* In the show groups page, note that we only show groups with members -* In lib/sql/group_info.php3 only unset variables if we need to. In lib/sql/defaults.php3 don't run for groups - only for users -* Fix Bug #167 -Ver 1.72: -* Move the xlat function to a separate file in lib/xlat.php3 -* Add a lib/sql/nas_list.php3 to also get the nas list from sql (naslist.conf still works) -* add realms nasdb and nasadmin in username.mappings. nasadmin is used to signify if the - user is allowed to use the nas_admin page. nasdb is used to shorten the nas list to only - a few specific entries. That way administrator responsible for a few access servers will - only be able to administer those access servers and not see the rest of the nas list. -* Add username searching in the find page as suggested by joram agten -* Don't use nas_list in nas_admin -* Add postgresql specific sql schema by apellido jr., wilfredo p. Move each sql schema to a - separate directory (mysql and postgresql) -* Change is_int to is_numeric. This closes Bug #90 -* Escape special characters in the sql password. This closes bug #96 -* Do an xlat for general_accounting_attrs_file and general_user_edit_attrs_file. That way we can - have different mappings for each administrator. -* Use require_once instead of require when including xlat.php3 -* Add debug statements in sql connect functions -* Add a missing.php3 file with functions that may be missing from the PHP version used. Include it - if a function is missing. Currently only array_change_key_case() is included -* Set general_restrict_nasadmin_access to no by default. It causes confusion. -* Set the general_username_mappings_file variable -* Fix a small error in lib/sql/find.php3. This closes bug #103 -* Add a small note in the FAQ about checking for sql/ldap driver availability in PHP if the user get's - a blank white page back. - -Ver 1.70.3: -* Test for unset variable, rather than empty variable in clean_radacct, - monthly_tot_stats and truncate_radacct. - -Ver 1.70.2: -* Fix redirects in dialup-admin pages on servers with register_globals - turned off. -* HTTP form fields will always fail is_int, use in_numeric instead. - -Ver 1.70.1: -* Report correct data transfer statistics for users. -* Lower-case sql column names to match creation scripts. -* Fix creation of empty groups. -* Put quote around usernames in HTML output. -* Properly notice when we've got a blank password to SQL. - -Ver 1.70: -* Add the /bin postgresql compatibility patch from Guy Fraser -* Add ldap_userdn as a configuration directive. If set we use that for - user DN's (variables supported) instead of performing and ldap search for - each user. That can be somewhat faster. -* Add a check_user_passwd() and a get_user_dn() functions in lib/ldap/functions.php3 -* Add general_restrict_badusers_access directive. If set to yes we only allow each administrator - access to their own entries in the badusers table -* Add a username.mappings table. We are able to map each administrator username to additional queries - on the accounting and user settings tables. -* Add an sql_accounting_extra_query directive. If set this query is included in all - queries to the accounting tables. - Combined with admin username mappings we are able to easily restrict access on specific accounting data - to each administrator. -* Escape bad characters in the $login variable -* Add a da_sql_escape_string function. We use that for every element we pass to sql queries in order to - protect ourselves from sql injection. -* Use the ldap_userdn directive where applicable in the functions.php3 file -* Add an sql_xlat function -* Add a nas administration page for sql based clients -* Fix small bugs in accounting.php3 and user_stats.php3. Add nas_admin.php3 to the buttons page -* Add da_sql_escape_string for all relevant variables in lib/sql files -* Keep the nas list in a separate array $nas_list. Update various pages to use that one now. -* Make nas_list actually work -* Also allow for '-' to exist in a nas name in bin/log_badlogins - -Ver 1.68: -* Huge PostgreSQL compatibility patch by Guy Fraser -* Also support the Crypt-Password attribute in lib/sql/password_check.php3. Patch by Guy Fraser -* Small fix in user_finger.php3 -* Add the ability to erase rows from the badusers table -* In log_badlogins for multiple logins if it is a mppp attempt, log it -* Add a message when adding a user in the badusers table -* Close sql connections in add_badusers.php3 -* Add a patch from Neil McCalden to not put spaces in the -p argument to the mysql binary. -* Fix a bug in conf/config.php3. Patch from Neil McCalden -* In log_badlogins add a newline after every sql query so that the resulting file can be editable -* Add a force directive in log_badlogins. If uncommented it will force inserts even if there are - sql errors. That can help in case there is one sql query which stops the whole failed logins - logging system from working -* Sort the servers list in failed_logins,user_stats,stats -Ver 1.65: -* Add a captions.conf file with a few configurable captions for now -* Move the nas list to a separate file called naslist.conf -* Add the ability to include configuration files in admin.conf -* Add a page for clearing open sessions from the database called clear_opensessions.php3. Add it in the - user toolbar -* Move the userinfo page of user_admin to a separate file so that it can be easily changed to - fit per installation needs -* Add a conf/accounting.attrs allowing the customization of the attributes in the user_accounting, - user_finger and failed_logins pages -* Add a directive to determine if the administrator will be able to change the user password from - the user edit page -* Call mysql_escape_string before running the sql query -* Use the sql_connect_timeout for the mysql driver -* Add a help page for the badusers table -* Also take the Session-Timeout in consideration when calcualting the remaining time in user_admin.php3 -* Add regex matching in log_badlogins and don't expect the callerid to always be in numeric format -* Small html corrections in user_toolbar.html.php3 -* Add a HOWTO from Paris Stamatopoulos -* create a doc directory and move the documentation files there -* Add a note about the HOWTO in the README file -* Add a few help pages for the nomadix radius attributes by Ulrich Walcher -* Update the HOWTO with instructions about the ldap configuration directives and the scripts in the bin folder -* Update the AUTHORS file -* Check for the binaries used (mysql/snmpwalk) in the scripts in the bin folder before using them -* Update the HOWTO file -* Use the general_domain variable from the admin.conf file in log_badlogins instead of a new one -* Add a sql_command directive in admin.conf containing the path to the mysql binary. That can be used by the - scripts in the bin folder instead of setting a variable in each script -* Add a general_nas_type and a per nas type directive and pass that to snmpfinger. Updated snmpfinger to also - support lucent equipment apart from cisco -* Update the HOWTO file with a few comments on the general_nas_type directive -* Use the User-Password attribute instead of Password in user_test.php3 -Ver 1.63: -* Do an eval on the attribute description strings in the user_edit page. That will allow the login-time creation - page to work properly. -* Add a login-time creation page which will allow the administrator to create the login-time string through a gui - instead of writing it directly in UUCP format. -* Call lib/{ldap,sql}/user_info in user_info before displaying any information about the user -* Add a configuration directive general_charset. Add a language meta tag in all pages -* Use sql_extra_servers directive when adding users in the badusers table. Add a da_sql_host_connect() function - to connect to a specific sql host -* Fix a typo in lib/sql/attrmap.php3 -* Add an entry in the FAQ about the Dialup-Access attribute -* Add an entry in the FAQ about duplicate personal attributes in the user_admin page -* Only show the personal attributes in the New User page if we have ldap or we are using the userinfo table in sql -* Add a per nas finger_type directive -* Update the TODO file -* Add an entry in the FAQ about adding .php3 handling -* Add a few installation notes -* Fix a problem with user_stats.php3 -* Update the README file with notes about the scripts present in the bin folder -* Add a -* Add support for regexp and like operators in accounting report generator -* Limit the split() to 2 elements in lib/defaults.php3 -* Create a AcctUniqueId before adding a row in radacct in log_badlogins. -* Use Max-Monthly-Session not Max-Weekly-Session for the monthly limit -* When checking the weekly limit check first that $remaining is numeric before doing any comparisons -* Add a usage_summary parameter in user_finger. If it is passed then we only output a text like: - "Online: Free: " which can be used in outside pages -* Use $config[sql_usergroup_table] in show_groups.php3 -* Add a config directive general_stats_use_totacct. If set we use the totacct table in the stats page instead of - radacct -* Small change in user_accounting.php3 -* Escape " in login_time create page before parsing the login-time string -* Add Service-Type in user_edit.attrs -* In user_finger page if $user is NULL then set it to -* Add 3 more help pages from Stadler Karel for Service-Type,Framed-Protocol and Filter-ID -* Make all scripts use the mysql binary instead of DBI and make the sql password even if it is empty -* Make log_badlogins work with usernames containing spaces -* Only delete sessions which are not open in truncate_radacct. Bug noted by Evren Yurtesen -* Add a user input tag in user_stats.php3 -* Change AcctStopTime = '0' with AcctStopTime IS NULL -* Add a few more attribute help pages from Ulrich Walcher -* Also check for $server != '' in stats.php3. Bug noted by Ulrich Walcher -* Consider the account locked either if Dialup-Access == FALSE or if it is not set at all -* Calculate weekly used time correctly (from Sunday 00:00:00) -* Allow for defining the ldap_filter used when searching for a user. The filter supports dynamic variables - like %u (username) and %U (username provided though http auth) -* Add a configuration directive counter_monthly_calculate_usage to calculate the monthly usage time. Calculate - it in user_admin if monthly_limit != 'none' or if this directive is set. - Based on a report by "apellido jr., wilfredo p" -* Add more comments in the admin.conf file -* Show correct calculation of the montlhy usage time. -* Don't show an account as locked if Dialup-Access does not exist and the mapping corresponds to 'none' attribute -* Make clean_radacct and truncate_radacct work correctly -* Fix a small bug in bytes2str. It will now also show GBs if appropriate -* Add an entry about the failed_logins page -* Update the help page for the lock message attribute -* Update the badusers page to also use the general_accounting_info_order directive -Ver 1.62: -* Remove one sql query from user_admin which was not needed. -* Instead of a query like "LIKE 'YYYY-MM-DD%'" use "AcctStopTime >= 'YYYY-MM-DD 00:00:00 AND AcctStopTime - <= 'YYYY-MM-DD 23:59:59'" which will allow us to use sql indexes better. -* Add a few comments in bin/clean_radacct -* Add a new script bin/truncate_radacct which will delete all sessions from the radacct table which - are older than a configurable number of days -* Fix a typo in sql.attrmap. Fix by Evren Yurtesen -* Work even when register_globals if off. Suggestion from Evren Yurtesen - Also add an entry in the FAQ about that. -* We don't need ORDER BY GroupName in show_groups.php3 since we have GROUP BY -* Use CISCO-POP-MGMT-MIB in snmpfinger instead of CISCO-CALL-HISTORY-MIB. Thanks to - Evren Yurtesen for the suggestion. -* Remember a few things in the user_test page. Also add another configuration file directive - general_radius_server_auth_proto specifying the default authentication protocol of the radius - server (pap or chap). -* Replace single quotes with double quotes in log_badlogins -* Add a missing -* Add sql_use_http_credentials configuration directive to connect to the sql database using the http user - credentials (that way there can be more than one administrator usernames, each with different privileges - on the sql database). -* Add more error messages when interacting with the SQL database -* Add sql_connect_timeout and sql_extra_servers configuration directives to be used by the log_badlogins script -* In log_badlogins create a separate sql input file for each sql server and append sql commands to it. If the - sql command succeeds we delete the corresponding input file. That way if an sql server is down we store the - accounting info in the input file and then send it all when it comes back up. -* Add a directive sql_debug. Add debugging statements in the sql library -* Add a directive ldap_debug. Add debugging statements in the ldap library -* Add debug statements in the pg driver -* In debug, output the sql queries in italic. Refer to enabling debugging in the FAQ -* Don't include user_info.php3 in the user_test page. -* Make things a little bit more simple in lib/ldap/change_attrs.php3 -* Fix a small bug in lib/ldap/create_user.php3. Unset the mod array before adding any values to it. -* Fix a small problem with debugging -* Do a write lock in radacct before truncating it in truncate_radacct -* In user_new show a select box with all the available groups. Based on an idea by Karel Stadler (kstadler) -* Add a column Admin in the badusers table which will contain the administrator username if that is available -* Add two new tables totacct and mtotacct containing per user aggregated statistics for each day and month - respectively. Also add two corresponding scripts in the bin folder, tot_stats and monthly_tot_stats. Lastly, - create a new page, user_stats.php3 which will show the top users in connections or connections duration based - on the data in the totacct table. -* Add a few comments in the tot_stats and monthly_tot_stats scripts -* Add support for ! in usernames in log_badlogins -* Call gethostbyaddr with an @ in front to suppress error messages -* Also add support for @ in usernames in log_badlogins -Ver 1.61: -* Add a string encoder for greek -* If general_decode_normal_attributes is set then encode attributes in lib/ldap/change_info. In the near future - language specific user attributes will be added in the change info and new user pages. Remove comments from - admin.conf about the change info page not working if this directive is used. -* When spliting cn in lib/ldap/create_user.php3 limit the split to 2 new elements not 3. -* Fix a few bugs in log_badlogins -* Fix a parse error in failed_logins.php3 -* Fix a bug in lib/defaults.php3 which did not allow the default.vals file to be used correctly -* Include password.php3 in lib/ldap/password_check.php3 -* When searching a user in ldap through the find page only try to find the users which have a uid attribute (username) -* Allow selecting a specific access server in the failed logins page -* In the user admin page use AcctStartTime not AcctStopTime when calculating usage for the last 7 days -* Also show server:port in the user test page (so that it shows when used for server checks) -* Now the create user page should work with sql -* Make the default general_lib_type sql instead of ldap -Ver 1.60: -* Use require_once when including lib/functions.php3 in lib/sql -* In the buttons toolbar Edit User should not be clickable. -* Add an arrow gif in htdocs/images to be used in the buttons page when adding multiple finger pages -* In snmpfinger also consider '-' as a valid character for a username -* Add support for realm in username and allow for realm striping in the web pages and in log_badlogins -* Add a few more comments in the admin.conf -* Update the FAQ with an entry about the Online Users page not showing anything. -* Update the FAQ with an entry about sessions. -* Allow the user to add extra attributes in the test user page -* Add a few comments in log_badlogins, support auth logs containing the password, work nice when the client - is localhost, add an option to scan the whole radius.log and add failed logins in the sql database (can be - used for initialization). -* html fixes in accounting.php3 -* Fix a problem in user_accounting when NASIPAddress is not set. -* Use CISCO-AAA-SESSION-MIB in snmpfinger -* In lib/ldap/functions.php3 only ask for the cn attribute in ldap_search not the whole entry. That should make - user_finger a lot faster when the user database is in ldap -* In lib/functions.php3 pass a second argument to date2timediv with the current time. user_finger calls that - function for each online user so we now don't need to do a lot of calls to time() but only one. That should make - user_finger somewhat faster. -* Fix a small issue with the general_accounting_info_order -* Fix a problem in failed_logins when NASIPAddress is not set. -* Allow for multiple regular profile attributes in a user entry. -* Allow for normal ldap user attributes to be utf8 encoded instead of ascii. Changing attribute values through - user_info will not work in that case. -* Fix a small bug in lib/ldap/defaults.php3. We should not be using $i in a for() loop but a new variable -* Add a comment in admin.conf about ldap server failover -* Map a specific username to the directory manager if we are using ldap and http authentication -Ver 1.59: -* Small html fixes in user_edit.php3 and password.php3 -* Show number of failed logins in the last 7 days in the user admin page -* Show date in the user/server test page -* In config.php3 include a relative admin.conf file not an absolute -* Add an entry in the FAQ about php magic quotes -* Escape double quotes in attribute values in the user edit page -* Fix a bug in lib/sql/change_passwd.php3 when not using operators. - Bug report from Sheldon Fougere -* Add the caller id in the connection status attributes in the show user page -* Allow for multiple default values. Also add a generic flag in ldap attrmap. If it exists then the - attribute is generic and user values *do not* overwrite default values. The operators in the generic - attribute can be used for that. The same is very difficult to implement for sql, so for now user - values overwrite default values in sql (user edit page). - A lot of code and a lot of files where changed so there may be bugs somewhere. -* In the user edit page print a message under the User Password field about if it exists or not. Update - the user_info.php3 lib files to check for it. -* In lib/ldap/defaults.php3 Dialup-Access should not be added in the default_vals. It is not inherited. -* If we are editing a group show a comment that in the radiusd sql module the group tables are evaluated - after the user tables. As a result user values should in general overwrite default values. -* Add support for the default_user_profile of the sql module in lib/sql/defaults.php3 -* In sql.attrmap User-Password should map to User-Password, not Password -* If an sql attribute is not contained in sql, assume that it has the same name as in dialup_admin and that - it is a reply item. Add a comment for that in conf/sql.attrmap. -* Change the way radius attributes are read from the sql database. The change should make things somewhat - faster. Create a reverse mapping from radius attributes to dialup_admin attributes. -* Add a configuration directive called ldap_use_http_credentials. If it is set to yes then we try to - connect to the ldap server with the username/password given in http authentication, not those contained - in admin.conf. That way multiple admins with different permissions on the ldap tree can work on a single - dialup_admin. -* With the same logic we allow for multiple buttons html pages. We now create a folder html/buttons which - by default contains a folder default. If the user logs in with http authentication then we try - to open the file html/buttons//buttons.html.php3. If we can't we open - html/buttons/default/buttons.html.php3. That way we can create muiltiple views of say the online users - page based on which admin requests the page. -* Call config.php3 before outputing any html. -* Add sessions in order to cache the various mappings. Add a corresponding configuration directive - general_use_session. Also add a session cache destroy page. -* Also cache the admin.conf if use_session is set to 1 in config.php3 -* Fix a few bugs -* Remove the auto password generator from the user edit page. It has no meaning since the password is not - shown -* In lib/sql/defaults.php3 instead of doing a select for each group the user belongs to, do one select with - a where in () caluse. -* Also cache the default.vals file. -* Update documentation -* Only connect and bind to the ldap server if we haven't done that before. -* Remove previous change. It was causing problems -* In the user test page ignore comments from the auth.request file -* Add a new config directive, ldap_write_server. If it is set then when we update the directory we try to - connect to that one instead of the ldap_server. That way we can read from the fast read-only replicas and - write to a slower master. -* Fix a few more bugs -* Add a failed logins page, to show the most recent failed logins. -* Fix a bug in the failed logins page -* Change use of AcctStartTime with AcctStopTime in failed_logins.php3 to match that in user_admin -* Fix a bug with failed logins in user_admin. -* Add the failed logins page in the buttons page -* Add a missing WHERE UserName = '$login' in the UPDATE statement in lib/sql/change_info.php3. Patch by - Eddie Bindt -Ver 1.55: -* Update the FAQ about missing attributes from the user/group edit pages and add a few comments - in the configuration files -* Add support for the Expiration attribute. Add it in the sql attribute map, in user_edit.attrs and - check for it in user_admin -* Add a few more keys in the userinfo and badusers tables. -* Fix a problem with lib/sql/defaults.php3 where the first character in the default value when using - operators was set to the opeator -* Add a user find page. User can be searched based on the full name, department or RADIUS attribute. - The radius attribute should be included in the _user_ profile, not in a group/regular/default profile. -* Add support for the user ldap regular profile attribute in user_edit.attrs -* Fix a stupid bug in accounting.php3. We should not use the show_attrs array. -Ver 1.54: -* Add attributes for the sql group tables in admin.conf. Now SQL group support should really work! -Ver 1.53: -* html fixes in show_groups.php3 -* When reporting sql errors also print the output of da_sql_error -* When updating ldap user information don't do an update if the new attribute value - is '-' (default value) -* Comment out Reply-Message in conf/user_edit.attrs since in sql it maps to the same attribute as - the lock message -Ver 1.52: -* Add Reply-Message in conf/user_edit.attrs so that it appears in the user/group edit pages -* Allow the administrator to specify a group in the New User page. Update lib/sql/create_user.php3 to add - the user to the specified group -* Call user_info.php3 and defaults.php3 in user_new.php3 after creating a user -* Only run if $login is not NULL in lib/sql/defaults.php3 -* In group admin add a button to administer the selected user which will redirect the administrator to the - corresponding user_admin page -* Add a show_groups.php3 to show all active user groups -Ver 1.51: -* Only call user_info.php3 in user_new.php3 when we are creating a user -* Fix a bug with personal information attributes in user_new.php3 -Ver 1.50: -* Add support for groups in SQL. Added several new files and modified a few more. -* Default values in SQL are now extracted from the group membership. Added a lib/sql/defaults.php3 file. - As a result the default operator is not '=' anymore but whatever we find in the group check and reply tables. -* In lib/sql/user_info.php3 set user_exists in more than one places. -* Add support for the '=*' and '!*' operators -* Added a HELP_WANTED file describing what are the major things missing which people could contribute. -* Updated TODO -* Added a help page for the Session Timeout and Idle Timeout attributes. -* The new group page should only be available if the general library type is sql. -* Fix a small bug in lib/sql/create_user.php3 where work and home phone were stored in the wrong fields. -* Set personal information attributes in lib/sql/user_info.php3 to default values. -* Add a page to change the user's personal information. Changed the user toolbar and added htdocs/user_info.php3 - along with lib/{sql,ldap}/change_info.php3 -* Print a message if we can't connect to the ldap server in lib/ldap/user_info.php3 -* Use a textarea for new members in group_admin.php3 and group_new.php3. Update lib/sql/create_group.php3 and - lib/sql/group_admin.php3 -* Set a few more personal information attributes to defaults in lib/sql/user_info.php3 -* Fix a typo for department -* Set personal information attributes to defaults in lib/ldap/user_info.php3 -* Have adddress and home address in user personal info -* Set $user_info in lib/{ldap,sql}/user_info.php3 and only if the user exists and has personal info -* Show language attributes only if general_prefered_lang is not 'en' -Ver 1.30: -* Add limit of results returned in accounting.php3 -* Fix a bug in time2strclock() in lib/functions.php3. Seconds ammount more than 9 would not show. - Bug noted by Timophey -* Reaarange a few things in user_admin. Put Subscription Analysis first and 'Account Status' second. Make a - few things bold. -* Change log_badlogins to use the mysql binary instead of the DBI module. That way we don't have any - dependencies and we don't need to bother with connection maintainance (dead mysql connections etc). -* html fixes in user_finger.php3 -* Fix a bug in lib/add_badusers.php3 which did not allow inserts in the badusers table. -* Make lib/ldap/password_check.php3 behave properly when it is passed a null password -* Allow for daily/weekly/monthly limits to be set to none and show correct results in the show user page -* Fix a small bug in user_admin.php3. -* Pass the whole password as salt in da_encrypt() in password_check.php3 -* Refresh the online users page every 50 secs. Patch by Alexandre Strube -* Check if the last logged in server and client ip are valid before calling gethostbyaddr -* If the same attribute appears more than once in the user edit page then show a count of the number of - occurences next to the attribute name -* Add a server argument to user_finger.php3. If it is set then the page will only show the logged in users - in that access server instead of all of them. Update the README with documentation for that fact. -Ver 1.29: -* Add general_ld_library_path directive and set LD_LIBRARY_PATH accordingly (used in snmpfinger and - radaclient). -* Add general_finger_type directive to determine if we will use snmpfinger in user_finger.php3 -* Fix a bug in config.php3 when we have a directive containing ':' -* Fix a bug in lib/ldap/change_attrs.php3 that did not allow changing more than one value of a - multivalued attribute simultaneously. -* Added selection of ordering in user_accounting.php3. Now it can be either ascending (older records - first) or descending (most recent records first). Added a corresponding configuration directive. -* Added operator support in sql. The eq(=),set(:=) and add(+=) operators are supported. Added an - sql_use_operators configuration directive. Hope everything works. -* Fixed a bug in sql/change_attrs which did not allow multi valued attributes in sql. -* unset item_vals before adding info in ldap and sql user_info files. -* Add support for the rest of the operators. Created the lib/operators.php3 file containing helper functions -* Fix a small bug in log_badlogins. The nas domain should be a variable not hard coded. -* Fix a bug in lib/sql/delete_user.php3. Call da_sql_query with the correct arguments -Ver 1.28: -* Make user_delete.php3 print something when a user is deleted -* Cache nas hostname lookups in user_accounting -Ver 1.27: -* Allow for variable expansion in the configuration file. Something like: - general_base_dir: /usr/local/dialup_admin - general_default_file: %{general_base_dir}/conf/default.vals -* Small changes in the README file -* A few corrections in the sql drivers -* Enlarged the textboxes in the user_edit page -* Created a folder help -* Added a help page for: - o Login-Time - o Simultaneous-Use - o Dialup-Access - o Framed-Compression - o Port-Limit - o Lock Message - o Framed-IP-Address -Ver 1.26: -* A few bugfixes for the general sql code (typo mistakes mostly) -Ver 1.25: -* Deleted a mysql_close from lib/mysql/create_user since we now have persistent sql connections -* Removed the select_db() from accounting.php3 since it is not needed -* A lot of html changes in accounting.php3 -* Changed the sql code to be modular. Now under lib we don't have a mysql directory but a sql directory - with a directory drivers which contains the database specific functions. As a result all calls to mysql* - functions where changed to call da_sql* functions. Right now mysql should work and postgresql *may* work - It is not tested though. Hopefully things will come back to being stable in a few days. -* Added sql_port and sql_type configuration file directives -Ver 1.20: -* Fixed a bug in lib/ldap/change_attrs. When we modify an attribute do an ldap_mod_del($mod) and then a - ldap_mod_add($add_r) -* In accounting.php3 show the attribute description instead of the attribute name. -Ver 1.19: -* In lib/ldap/check_password.php3 don't do a user search but use the already available user DN -* Remove the language support from the get_user_info() functions. They are only used in the user_finger page -* In user_state show weekly usage for the week starting from sunday 00:00, not for the last 7 days -* Show upload/download when connected or for the last time the user connected -* Fixed a few minor problems with the help and about pages -Ver 1.18: -* Fixed a small problem with total upload,download numbers in user_admin -* Fixed a major problem in the accounting report generator when adding an attribute check. Now it - should be all OK. -* Fixed a small bug in lib/mysql/functions.php3. Bug found be galileo@microsky.net -Ver 1.17: -* Fixed a few more problems in the mysql code -* Updated README -* the help page now prints the README file. It also has a common layout with the other pages -* Changed the about page to have a common look with the other pages. -Ver 1.16: -* Fixed a few typing mistakes in mysql.attrmap -* If the corresponding attribute name (in ldap or mysql) is 'none' then do not - edit/add it. Based on a bug report by galileo@microsky.net -* Fixed a few errors in lib/attrshow.php3 -Ver 1.15: -* Added user test page. It will use radclient to send a radius access-request - to the radius server and check the response. This page is also used to check - that the radius server is working fine. Added user_test.php3 and a few config - file parameters. -* Support for multi valued attributes. -* Changed cleartext encryption name from none to clear -* Renamed the general_sql_row_limit configuration directive to sql_row_limit -Ver 1.12: -* Added an FAQ -* Small changes in html code -* Small changes in the README file -* Fixed a small problem in delete_user from ldap -* Removed the Base64 encode since it was causing problems -Ver 1.11: -* Changed all ldap_bind() to use the ldap bind DN and password. Should have been - the default behaviour -* Do a Base64 encode in ldap/change_password.php3 before sending the password to - the ldap server -* Added support for module messages in log_badlogins and user_accounting -* Updated documentation -Ver 1.10: -* Added support for users in mysql database. All bugs are welcome. To activate - just use mysql as library_type -* Added support for salt in crypt.php3 -* Added userinfo table to keep information for users (Name,Phone etc). Added two - corresponding values in admin.conf -* Added mysql.attrmap for mysql support -* Added TODO -* Added persistent connections for mysql (mysql_pconnect()) -Ver 1.00: -* Added password change facility in user_edit. Support for multiple - password encryption methods -* Added user deletion page user_delete.php3 with corresponding ldap lib code -* Moved the second user_info.php3 include in user_edit to the correct location. Also - used isset instead of == '' -* Moved the action toolbar (show,edit,accounting...) into a separate html file -* Added the nas model in user_finger.php3 -Ver 0.99.8: -* Added the caller id in the finger facility -* Changed the start date in the badusers file to 0000 -* Added the out of quota message in user_admin -* fixed a few problems with the html code in user_admin.php3 -* calculate account status in user_admin for the last week only -* Change font color to red if used time > corresponding limit (weekly or daily) -* Added the user_stats.php3. It can be used by outside pages to get a quick - overview of the status of the user. It will return the following fields - separated by new lines: - account_status(active or inactive),lock message,weekly limit,daily limit, - weekly used,weekly connections,daily used,daily connections -* fixed a bug in the subscription analysis in user_admin.php3 -* calculate weekly used from sunday 00:00:00 when the counters reset -* added clean_radacct which will clean radacct entries which have been open - for more than a day. It will not do any harm even if it is incorrect since - when rlm_sql runs if the update operation fails then it will fall back to - insert (see sql.conf) -* added log_badlogins. It will continuously read the radius.log file and log - to the radacct table all login incorrect and multiple logins with a - corresponding acctterminatecause. user_accounting.php3 is already prepared - for this (it will show those entries in red) -* fix a small bug with null values in change_vals.php3 of the ldap lib -Ver 0.99: -* Added the badusers table -* Added the default and regular profile from ldap for user_edit -* Added the snmpfinger in the finger facility so that it will not - relly on the sql database. -* Added the new user facility -* Added support for the Lock Message facility -* Various bug fixes and enhancements - -Ver 0.31: -* Added the @ sign in the {mysql,ldap}_{open,close} functions so that - they don't show error messages -* Changed double quotes with single quotes where applicable for performance - reasons diff --git a/dialup_admin/Makefile b/dialup_admin/Makefile deleted file mode 100644 index 6f207212796..00000000000 --- a/dialup_admin/Makefile +++ /dev/null @@ -1,50 +0,0 @@ -# -# Makefile -# -# Version: $Id$ -# - -include ../Make.inc - -DIALUP_PREFIX := /usr/local/dialup_admin -DIALUP_DOCDIR := $(DIALUP_PREFIX)/doc -DIALUP_CONFDIR := $(DIALUP_PREFIX)/conf - -all: - -install: - install -d -m 0755 $(R)/$(DIALUP_PREFIX) - install -d -m 0755 $(R)/$(DIALUP_DOCDIR) - install -d -m 0755 $(R)/$(DIALUP_CONFDIR) - install -d -m 0755 $(R)/$(DIALUP_PREFIX)/bin - find doc Changelog README -name CVS -prune -o -type f -print0 | \ - xargs -0 install -m 0644 -t $(R)/$(DIALUP_DOCDIR) - find conf -name CVS -prune -o -type f -print0 | \ - xargs -0 install -m 0644 -t $(R)/$(DIALUP_CONFDIR) - find htdocs html lib sql -name CVS -prune -o -print | \ - while read file; do \ - if [ -d "$$file" ]; then \ - install -d -m 0755 "$(R)/$(DIALUP_PREFIX)/$$file"; \ - else \ - install -m 0644 "$$file" "$(R)/$(DIALUP_PREFIX)/$$file"; \ - fi; \ - done - sed -e 's#/usr/local/dialup_admin#$(DIALUP_PREFIX)#' \ - -e 's#/usr/local/radiusd#$(prefix)#' \ - -e 's#general_raddb_dir: %{general_radiusd_base_dir}/etc/raddb#general_raddb_dir: $(raddbdir)#' \ - -e 's#general_clients_conf: /usr/local/etc/raddb/clients.conf#general_clients_conf: $(raddbdir)/clients.conf#' \ - -e 's#%{general_base_dir}/conf#$(DIALUP_CONFDIR)#' \ - -e 's#/usr/local/bin#$(bindir)#' \ - conf/admin.conf > $(R)/$(DIALUP_CONFDIR)/admin.conf - sed -e 's#../../README#$(DIALUP_DOCDIR)/README#' \ - htdocs/help/help.php > $(R)/$(DIALUP_PREFIX)/htdocs/help/help.php - for binfile in backup_radacct clean_radacct clearsession log_badlogins monthly_tot_stats showmodem snmpfinger sqlrelay_query tot_stats truncate_radacct; do \ - sed -e 's#/usr/local/bin/#${bindir}#' \ - -e 's#/usr/local/dialup_admin/conf/#$(DIALUP_CONFDIR)/#' \ - bin/$$binfile > $(R)/$(DIALUP_PREFIX)/bin/$$binfile ; \ - chmod 0755 $(R)/$(DIALUP_PREFIX)/bin/$$binfile; \ - done - sed -e 's#/usr/local/dialup_admin#$(DIALUP_PREFIX)#' \ - bin/dialup_admin.cron > $(R)/$(DIALUP_PREFIX)/bin/dialup_admin.cron - -.PHONY: all install diff --git a/dialup_admin/README b/dialup_admin/README deleted file mode 100644 index fdcab0efa9d..00000000000 --- a/dialup_admin/README +++ /dev/null @@ -1,124 +0,0 @@ -dialup_admin is a web based administration interface for the freeradius radius server. -It is written in PHP4 (although the files have an extension of php for historical reasons). -It is modular and right now it assumes that user information is stored in an ldap server -or an sql database and accounting in an sql server. - -Extra documentation from Stadler Karel (): -http://kstadler.ch/index.php?topgroupid=1&subgroupid=14&groupid=11 - -There is also a nice HOWTO in the doc folder - - -INSTALLATION: - -Put dialup_admin in /usr/local/dialupadmin -Create a link from your htdocs directory to /usr/local/dialupadmin/htdocs -Edit /usr/local/dialupadmin/conf/* files to match your needs - - -There are also a few more things included: - -* sql/badusers.sql: It will create a table named badusers which can be used to hold the - history for badusers (date,action) -* sql/userinfo.sql: It will create a table named userinfo which contains personal information - for users stored in the sql database. This can be used if a sql database is used to store user profiles - (not ldap). -* bin/log_badlogins: It will constantly check the radiusd.log file and add all login-incorrect, - invalid-user, outside of allowed login time and multiple-login cases to the radacct table with - acctstarttime=acctstoptime, acctsessiontime=0 and acctterminatecause containing the reason. - If the failing module sent back a module message then it will also appear in the terminate cause. - You will need to setup the $mysql and $tmpfile variables to suite your mysql installation and needs. - Perl module Date::Manip is needed by the script. -* bin/clean_radacct: It will delete all entries in the radacct table with a starttime > 1 day and - stoptime = 0. It will not do an harm even if it deletes valid entries since radiusd will fall - back to insert if update fails. -* bin/truncate_radacct: It will delete sessions from the radacct table which are older than a configurable - number of days -* bin/tot_stats: Update the totacct table with aggregated daily accounting information for each user. - We keep a row per user for each day. -* bin/monthly_tot_stats: Log in the mtotacct table aggregated accounting information for each user spaning - in one month period. If the current month has not ended it will log information up to the current month day - - - - -The structure of the tree is: - -conf:: Contains various configuration files. -conf::admin.conf=> - The main configuration file. The directives used should be easily - understood -conf::config.php=> - Just a helper php4 for reading the admin.conf file. -conf::default.vals=> - Contains the default values for check and reply items. If you also use the users - file except for the ldap/sql databases fill in the default values you have inserted - for the users.Else comment them out. -conf::sql.attrs=> - Contains inmformation about the sql attributes. This is used by the accounting - report generator (accounting.php). -conf::user_edit.attrs=> - Contains the attributes that user_edit.php will show. Just uncomment those - which you want to be displayed. -conf::extra.ldap-attrmap=> - Contains a few items not included in ldap.attrmap which are used only by dialup_admin - Things like User-Password and Dialup-Lock-Msg. Use none for attributes that are not known - by the radius or ldap server. -conf::sql.attrmap=> - Contains the Attribute map for the sql database. Use none for attributes that are not known by - the radius server. -conf::auth.request=> - Contains value pairs sent in the test packets which are sent from the test user/server pages. - -htdocs:: Contains the basic php files -htdocs::index.html=> - The main index file. Just contains the frames tags -htdocs::content.html=> - Change this file to include the greeting of your choise -htdocs::buttons.php=> - This will open the corresponding buttons html file in the html/buttons folder -htdocs::style.css=> - CSS style file. Change it to match your preferences -htdocs:: user_state.php => - It can be used by outside pages to get a quick - overview of the status of a user. It will return the following fields - separated by new lines: - account_status(active or inactive),lock message,weekly limit,daily limit, - weekly used,weekly connections,daily used,daily connections, - active sessions number,active sessions time -htdocs:: user_finger.php => - It will finger the nas(es) and show the logged in users. If an argument server is passed then - it will only show users for the specific access server. - If an argument usage_summary is passed then it will only show a line like: - "Online: Free: " which can be used by other pages -htdocs::failed_logins.php => - It will show all the failed logins as logged in the radacct table by the log_badlogins script - -html:: Contains the html code for a few pages -html::user_admin.html.php => - html code for the user_admin page -html::stats.html.php => - html code for the stats page -html::user_toolbar.html.php => - the user toolbar (show,edit,accounting...) which appears in almost all pages -html::group_toolbar.html.php => - the toolbar shown in the group manipulation pages -html::/buttons - contains a folder default which contains a buttons.html.php file. When a user is connecting - with http authentication we first try to open the file in the folder . If that fails - we open the file in the default folder. That way each admin can have a different view of the buttons - bar (for example see different finger pages). - -lib:: Contains the library items -lib::ldap=> - The ldap files -lib::lang=> - Allow for multiple languages to be supported -lib::crypt=> - Allow for multiple encryption schemes (for user passwords) -lib::sql=> - Contains the sql library files. There is also a directory drivers - which contains functions for various sql databases (mysql and - postgresql for the time being). - -The rest: The rest are the php4 files. Normally, you should not need to change anything in them. diff --git a/dialup_admin/bin/Changelog.GuyFraser b/dialup_admin/bin/Changelog.GuyFraser deleted file mode 100644 index bb6e1f29516..00000000000 --- a/dialup_admin/bin/Changelog.GuyFraser +++ /dev/null @@ -1,51 +0,0 @@ -Fri Dec 19 2003 ---------------- -Fixed a couple bugs. -Tested against current CVS, and all programs appear to work. - -Wed Dec 17 2003 ---------------- -Added configurable entries to admin.conf. -TODO: Write a proper config file parser to get recursive entries from config -file. - -Tue Dec 16 2003 ---------------- - -File Compatiblity Change ------------------------ --------------- --------------------------------------- -clean_radacct MySQL/PG Added PG compatability -log_badlogins MySQL/PG Added PG compatability - " Added routine to determine ip from the - " FreeRadius clients.conf file. -monthly_tot_stats MySQL/PG Added PG compatability -showmodem UCD/NET Made compatabile with Net/UCD SNMP - " Cleaned up output formatting. -snmpfinger UCD/NET Made compatabile with Net/UCD SNMP -tot_stats MySQL/PG Added PG compatability - " Added a delete request. -truncate_radacct MySQL/PG Added PG compatability - -These utilities have been updated to work with NET-SNMP, and have been modified -to work with PostgreSQL. - -The argument order and options for NET-SNMP have changed from UCD-SNMP's -requirements. Since most current Unix type systems are using the newer -NET-SNMP, I have included the changes for everyones benefit. - -I have also modified some scripts : - -log_badlogins - I changed it to use the data from the FreeRadius clients.conf - file to determine the IP address of each NAS. I did this because in my - case, and likely that of many others, the shortname from the radius log - file is not shortname.domain.com, where domain.com is defined in - admin.conf. - -showmodem - I cleaned up the output presentation. - -Path to admin.conf, set to /usr/local/dialup_admin/conf/ for all scripts. - -Guy Fraser -Network Administrator -The Internet Centre -Edmonton, Alberta, Canada. diff --git a/dialup_admin/bin/backup_radacct b/dialup_admin/bin/backup_radacct deleted file mode 100755 index 2b6d2d3235c..00000000000 --- a/dialup_admin/bin/backup_radacct +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/perl -use POSIX; -use File::Temp; - -$conf=shift||'/data/local/dialupadmin/conf/admin.conf'; -$back_days = 80; -$backup_directory = "/logs/radiusd/accounting"; - -open CONF, "<$conf" - or die "Could not open configuration file\n"; -while(){ - chomp; - ($key,$val)=(split /:\s*/,$_); - $sql_server = $val if ($key eq 'sql_server'); - $sql_type = $val if ($key eq 'sql_type'); - $sql_port = $val if ($key eq 'sql_port'); - $sql_username = $val if ($key eq 'sql_username'); - $sql_password = $val if ($key eq 'sql_password'); - $sql_database = $val if ($key eq 'sql_database'); - $sql_accounting_table = $val if ($key eq 'sql_accounting_table'); - $sqlcmd = $val if ($key eq 'sql_command'); -} -close CONF; - -die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq ''); -die "sql command '$sqlcmd' not found or does not seem to be executable\n" if (! -x $sqlcmd); -if ($sql_type eq 'mysql'){ - $sql_password = ($sql_password eq '') ? '' : "-p$sql_password"; -} -$sql_password =~ s/(\W)/\\$1/g; - -($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime; -$date = POSIX::strftime("%Y-%m-%d",$sec,$min,$hour,($mday - ($back_days - 1)),$mon,$year,$wday,$yday,$isdst); -$date2 = POSIX::strftime("%Y-%m-%d",$sec,$min,$hour,($mday - ($back_days + 1)),$mon,$year,$wday,$yday,$isdst); -$date3 = POSIX::strftime("%Y%m%d",$sec,$min,$hour,($mday - $back_days),$mon,$year,$wday,$yday,$isdst); -if (POSIX::strftime("%Y-%m-%d %T",localtime) eq $date){ - die "Could not set correct back date.\n"; -} - -$query = "SELECT * FROM $sql_accounting_table WHERE AcctStopTime < '$date' AND AcctStopTime > '$date2';"; -print "$query\n"; -my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n"; -print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); -print $fh $query; -close $fh; -$comm = "$sqlcmd -B -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename >$backup_directory/$date3" if ($sql_type eq 'mysql'); -$comm = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database >$backup_directory/$date3" if ($sql_type eq 'pg'); -$command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle'); -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename >$backup_directory/$date3" if ($sql_type eq 'sqlrelay'); -`$comm`; -`/usr/local/bin/gzip -9 $backup_directory/$date3`; diff --git a/dialup_admin/bin/clean_radacct b/dialup_admin/bin/clean_radacct deleted file mode 100755 index 76ac4c877c3..00000000000 --- a/dialup_admin/bin/clean_radacct +++ /dev/null @@ -1,52 +0,0 @@ -#!/usr/bin/perl -# -# Clean stale open sessions from the radacct table. -# we only clean up sessions which are older than $back_days -# Works with mysql and postgresql -# -use POSIX; -use File::Temp; - -$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; -$back_days = 35; - - -open CONF, "<$conf" - or die "Could not open configuration file\n"; -while(){ - chomp; - ($key,$val)=(split /:\s*/,$_); - $sql_type = $val if ($key eq 'sql_type'); - $sql_server = $val if ($key eq 'sql_server'); - $sql_username = $val if ($key eq 'sql_username'); - $sql_password = $val if ($key eq 'sql_password'); - $sql_database = $val if ($key eq 'sql_database'); - $sql_accounting_table = $val if ($key eq 'sql_accounting_table'); - $sqlcmd = $val if ($key eq 'sql_command'); -} -close CONF; - -die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq ''); -die "sql command '$sqlcmd' not found or does not seem to be executable\n" if (! -x $sqlcmd); - -if ($sql_type eq 'mysql'){ - $sql_password = (!$sql_password) ? '' : "-p$sql_password"; -} -$sql_password =~ s/(\W)/\\$1/g; - -($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime; -$date = POSIX::strftime("%Y-%m-%d %T",$sec,$min,$hour,($mday - $back_days),$mon,$year,$wday,$yday,$isdst); -print "$date\n"; -if (POSIX::strftime("%Y-%m-%d %T",localtime) eq $date){ - die "Could not set correct back date.\n"; -} - -$query = "DELETE FROM $sql_accounting_table WHERE AcctStopTime IS NULL AND AcctStartTime < '$date';"; -print "$query\n"; -my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n"; -print $fh $query; -close $fh; -$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql'); -$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg'); -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay'); -`$command`; diff --git a/dialup_admin/bin/clearsession b/dialup_admin/bin/clearsession deleted file mode 100755 index 35060d70efa..00000000000 --- a/dialup_admin/bin/clearsession +++ /dev/null @@ -1,69 +0,0 @@ -#!/usr/bin/perl - -$login = 'nas-login'; -$passwd = 'nas-password'; - -$host=shift || ''; -$type = shift || 'snmp'; -$nastype = shift || 'cisco'; -$username=shift || ''; -$sessionid = shift || ''; - -$port = 0; -$comm = ''; - -if ($type eq 'snmp'){ -$comm = shift || 'public'; -} -if ($type eq 'telnet'){ -$port = shift || 0; -} - - -die "No \$host argument given\n" if ($host eq ''); -die "No \$username argument given\n" if ($username eq ''); - -if ($nastype eq 'cisco' && $type eq 'telnet'){ - die "Usage: clearsession \$host telnet cisco \$username \$sessionid \$port\n" if ($port == 0); - - if (eval require Net::Telnet::Cisco){ - Net::Telnet::Cisco->import(); - - my $session = Net::Telnet::Cisco->new(Host => $host); - $session->login($login, $passwd); - - if ($port >= 20000){ - my @output = $session->cmd("sh caller user $username"); - foreach $line (@output){ - if ($line =~ /User: $username, line (Vi\d+),/){ - $session->cmd("clear interface $1"); - } - } - } - else{ - $session->cmd("clear line $port\n"); - } - - $session->close; - } -} -if ($nastype eq 'cisco' && $type eq 'snmp'){ - - $SNMPGET="/usr/local/bin/snmpget"; - $SNMPSET="/usr/local/bin/snmpset"; - - die "Could not find snmpwalk binary. Please make sure that the \$SNMPGET variable points to the right location\n" if (! -x $SNMPGET); - die "Could not find snmpset binary. Please make sure that the \$SNMPSET variable points to the right location\n" if (! -x $SNMPSET); - die "Usage: clearsession \$host snmp \$username cisco \$sessionid \$community\n" if ($sessionid eq '' || $comm eq ''); - - if ($sessionid ne '' && $username ne ''){ - print "$SNMPGET -v2c -c $comm $host .iso.org.dod.internet.private.enterprises.9.9.150.1.1.3.1.2.$sessionid\n"; - $walk =`$SNMPGET -v2c -c $comm $host .iso.org.dod.internet.private.enterprises.9.9.150.1.1.3.1.2.$sessionid`; - unless ($walk =~ /^$/){ - if ($walk =~ /$username/){ - print "FOUND: $username\n"; - `$SNMPSET -v2c -c $comm $host .iso.org.dod.internet.private.enterprises.9.9.150.1.1.3.1.5.$sessionid i 1`; - } - } - } -} diff --git a/dialup_admin/bin/dialup_admin.cron b/dialup_admin/bin/dialup_admin.cron deleted file mode 100644 index bc1cee2b0ca..00000000000 --- a/dialup_admin/bin/dialup_admin.cron +++ /dev/null @@ -1,4 +0,0 @@ -1 0 * * * /usr/local/dialup_admin/bin/tot_stats >/dev/null 2>&1 -5 0 * * * /usr/local/dialup_admin/bin/monthly_tot_stats >/dev/null 2>&1 -10 0 1 * * /usr/local/dialup_admin/bin/truncate_radacct >/dev/null 2>&1 -15 0 1 * * /usr/local/dialup_admin/bin/clean_radacct >/dev/null 2>&1 diff --git a/dialup_admin/bin/log_badlogins b/dialup_admin/bin/log_badlogins deleted file mode 100755 index 5a1ee99dce5..00000000000 --- a/dialup_admin/bin/log_badlogins +++ /dev/null @@ -1,228 +0,0 @@ -#!/usr/bin/perl -# -# Log failed logins in the sql database -# Works with mysql, postgresql and Oracle -# It will read the sql parameters from the admin.conf file -# -# Usage: -# log_badlogins [] [all] -# -# Defaults: -# radius.log: none -# admin.conf: /usr/local/dialup_admin/conf/admin.conf -# all: no. Go to the end of the file. Don't read it all. - -use Date::Manip qw(ParseDate UnixDate); -use Digest::MD5; -use File::Temp; -$|=1; - -$file=shift||'none'; -$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; -$all_file=shift||'no'; -# -# Uncomment to force inserts even if there are sql errors. That can -# help in case there is one sql query which stops the whole failed -# logins logging system from working -#$force=1; -# -# -# CHANGE THESE TO MATCH YOUR SETUP -# -#$regexp = 'from client localhost port 135|from client blabla '; -$tmpdir=tempdir( CLEANUP => 1 ); -$tmpfile="$tmpdir/sql.input"; -# -$verbose = 0; -# - -open CONF, "<$conf" - or die "Could not open configuration file\n"; -while(){ - chomp; - ($key,$val)=(split /:\s*/,$_); - # Fixme : recursivly solve %{.*} replacement for $val - # Fixme: Conf should be put in an associative array - $sql_type = $val if ($key eq 'sql_type'); - $sql_server = $val if ($key eq 'sql_server'); - $sql_username = $val if ($key eq 'sql_username'); - $sql_password = $val if ($key eq 'sql_password'); - $sql_database = $val if ($key eq 'sql_database'); - $sql_accounting_table = $val if ($key eq 'sql_accounting_table'); - $realm_strip = $val if ($key eq 'general_strip_realms'); - $realm_del = $val if ($key eq 'general_realm_delimiter'); - $realm_for = $val if ($key eq 'general_realm_format'); - $domain = $val if ($key eq 'general_domain'); - $sql_timeout = $val if ($key eq 'sql_connect_timeout'); - $sql_extra = $val if ($key eq 'sql_extra_servers'); - $sqlcmd = $val if ($key eq 'sql_command'); - $clients= $val if ($key eq 'general_clients_conf'); -} -close CONF; - -open CLIENTS, "<$clients" - or die "Could not open $clients file\n"; -while(){ - chomp; - s/^\s*//g; - s/\s*#.*//g; - if (!/^\s*$/ && /=/) { - ($key,$val)=(split /\s*=\s*/,$_); - $client_short = $val if ($key eq 'shortname'); - } else { - if (/\{/) { - s/.*client\s+([^\s]*)\s+\{.*$/\1/; - if (/^\d+\.\d+\.\d+\.\d+/) { - $client = $_; - } else { - if (/\./ || /localhost/) { - $name = $_ ; - } else { - $name = $_.".".$domain; - } - $addr = gethostbyname $name; - ($a,$b,$c,$d)=unpack('C4',$addr); - $client = "$a.$b.$c.$d"; -#DEBUG# print $name." = ".$client."\n"; - } - } else { - if (/\}/) { - $client_array{$client_short} .= $client; - } - } - } -} -close CLIENTS; - -$realm_del = '@' if ($realm_del eq ''); -$realm_for = 'suffix' if ($realm_for eq ''); -if ($sql_type eq 'mysql'){ - $pass = (!$sql_password) ? '' : "-p$sql_password"; -} -else{ - $pass = $sql_password; -} -$pass =~ s/(\W)/\\$1/g; -die "SQL server not defined\n" if ($sql_server eq ''); - -die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq ''); -die "sql command '$sqlcmd' not found or does not seem to be executable\n" if (! -x $sqlcmd); - -$opt = ""; -$opt = "-O connect_timeout=$sql_timeout" if ($sql_timeout); -$opt .= " -f" if ($force); -@servers = (split /\s+/,$sql_extra) if ($sql_extra ne ''); -unshift @servers, $sql_server; - -open LOG, "<$file" - or die "Could not open file $file\n"; -if ($verbose > 1) { print STDOUT "DEBUG: Opened $file\n" } - -seek LOG, 0, 2 if ($all_file eq 'no'); -for(;;){ - while(){ - if ($verbose > 1) { print STDOUT "DEBUG: Reading $file\n" } - $do=0; - chomp; - next if ($regexp ne '' && !/$regexp/); - if ($_ ne ''){ - $user = $nas = $port = $caller = '-'; - if (/Login incorrect/){ - if (/Login incorrect $(.+?)$:/){ - $cause = "Login-Incorrect ($1)"; - if ($verbose > 1) { print STDOUT "DEBUG: Login-Incorrect ($1)\n" } - }else{ - $cause='Login-Incorrect'; - if ($verbose > 1) { print STDOUT "DEBUG: Login-Incorrect\n" } - } - $do=1; - } - elsif (/Invalid user/){ - if (/Invalid user $(.+?)$:/){ - $cause = "Invalid-User ($1)"; - }else{ - $cause='Invalid-User'; - } - $do=1; - } - elsif (/Multiple logins/){ - if (/MPP attempt/){ - $cause='Multiple-Logins (MPP Attempt)'; - }else{ - $cause='Multiple-Logins'; - } - $do=1; - } - elsif (/(Outside allowed timespan $.+?$):/){ - $cause = "$1"; - $do=1; - } - if ($do){ - $date = (split / : /,$_)[0]; - $date2 = ParseDate($date); - if ($date2){ - ($year,$mon,$mday,$hour,$min,$sec)=UnixDate($date2,'%Y','%m','%d','%H','%M','%S'); - } - $time = "$year-$mon-$mday $hour:$min:$sec"; - if (/\[([\w\-\.\!\@\s]+?)\]\s+$from (.+?)$/){ - $user = $1; - ($nas,$port) = (split /\s+/,$2)[1,3]; - if ($2 =~ /cli (.+?)$/){ - $caller = $1; - } - } - elsif (/\[([\w\-\.\!\@\s]+?)\/.+?\]\s+$from (.+?)$/){ - $user = $1; - ($nas,$port) = (split /\s+/,$2)[1,3]; - if ($2 =~ /cli (.+?)$/){ - $caller = $1; - } - } - $caller='' if (!defined($caller)); - $user =~s/[^\w\-\.\d\!\@\s]//g; - $nas =~s/[^\w\.\-]//g; - $port =~s/[^\d]//g; - $addr = $client_array{$nas}; - if ($user ne '' && $realm_strip eq 'yes'){ - ($one,$two) = (split /$realm_del/, $user)[0,1]; - if ($two ne ''){ - $user = ($realm_for eq 'suffix') ? $one : $two; - } - } - foreach $server (@servers){ - unlink "$tmpfile.$server" if ($delete{$server}); - open TMP, ">>$tmpfile.$server" - or die "Could not open temporary file\n"; - $ctx = Digest::MD5->new; - $ctx->add($user); - $ctx->add($addr); - $ctx->add($port); - $ctx->add($time); - $ctx->add('badlogin'); - $uniqueid = $ctx->hexdigest; - print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); -#DEBUG# print "INSERT INTO $sql_accounting_table (UserName,AcctUniqueId,NASIPAddress,NASPortId,AcctStartTime,AcctStopTime,AcctSessionTime,AcctInputOctets,AcctOutputOctets,CallingStationId,AcctTerminateCause) VALUES ('$user','$uniqueid','$addr','$port','$time','$time','0','0','0','$caller','$cause');\n"; - print TMP "INSERT INTO $sql_accounting_table (UserName,AcctSessionId,AcctUniqueId,NASIPAddress,NASPortId,AcctStartTime,AcctStopTime,AcctSessionTime,AcctInputOctets,AcctOutputOctets,CallingStationId,AcctTerminateCause) VALUES ('$user','$uniqueid','$uniqueid','$addr','$port','$time','$time','0','0','0','$caller','$cause');\n"; - close TMP; - $command = "$sqlcmd -h$server $opt -u$sql_username $pass $sql_database <$tmpfile.$server" if ($sql_type eq 'mysql'); - $command = "$sqlcmd -U $sql_username -f $tmpfile.$server $sql_database" if ($sql_type eq 'pg'); - $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle'); - $command = "$sqlcmd '$server' '$sql_port' '' '$sql_username' '$sql_pass' <$tmpfile.$server" if ($sql_type eq 'sqlrelay'); - if ($verbose > 1) { print STDOUT "DEBUG: Sending datafile $tmpfile.$server to \"$sql_type\" database\n" } - `$command`; - if ($verbose > 1) { print STDOUT "DEBUG: Sent data to \"$sql_type\" database\n" } - - $exit = $? >> 8; - $delete{$server} = ($exit == 0) ? 1 : 0; - print STDERR "ERROR: SQL query failed for host $server\n" if ($exit != 0); - } - } - } - } - if ($all_file ne 'once') { - sleep 2; - seek LOG,0,1; - } else { - exit(0); - } -} diff --git a/dialup_admin/bin/monthly_tot_stats b/dialup_admin/bin/monthly_tot_stats deleted file mode 100755 index e3e7ea47663..00000000000 --- a/dialup_admin/bin/monthly_tot_stats +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/perl -use POSIX; -use File::Temp; - -# Log in the mtotacct table aggregated accounting information for -# each user spaning in one month period. -# If the current month has not ended it will log information up to -# the current month day -# Works only with mysql and postgresql -# - -$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; - - -open CONF, "<$conf" - or die "Could not open configuration file\n"; -while(){ - chomp; - ($key,$val)=(split /:\s*/,$_); - $sql_type = $val if ($key eq 'sql_type'); - $sql_server = $val if ($key eq 'sql_server'); - $sql_username = $val if ($key eq 'sql_username'); - $sql_password = $val if ($key eq 'sql_password'); - $sql_database = $val if ($key eq 'sql_database'); - $sql_accounting_table = $val if ($key eq 'sql_accounting_table'); - $sqlcmd = $val if ($key eq 'sql_command'); -} -close CONF; - -die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq ''); -die "sql command '$sqlcmd' not found or does not seem to be executable\n" if (! -x $sqlcmd); - -if ($sql_type eq 'mysql'){ - $sql_password = (!$sql_password) ? '' : "-p$sql_password"; -} -$sql_password =~ s/(\W)/\\$1/g; - -($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime; -if ($mday == 1){ - $mon--; -} -$date_start = POSIX::strftime("%Y-%m-%d",0,0,0,1,$mon,$year,$wday,$yday,$isdst); -$date_end = POSIX::strftime("%Y-%m-%d",0,0,0,$mday,$mon,$year,$wday,$yday,$isdst); - -$query1 = "DELETE FROM mtotacct WHERE AcctDate = '$date_start';"; -$query2 = "INSERT INTO mtotacct (UserName,AcctDate,ConnNum,ConnTotDuration, - ConnMaxDuration,ConnMinDuration,InputOctets,OutputOctets,NASIPAddress) - SELECT UserName,'$date_start',SUM(ConnNum),SUM(ConnTotDuration), - MAX(ConnMaxDuration),MIN(ConnMinDuration),SUM(InputOctets), - SUM(OutputOctets),NASIPAddress FROM totacct - WHERE AcctDate >= '$date_start' AND - AcctDate <= '$date_end' GROUP BY UserName,NASIPAddress;"; -print "$query1\n"; -print "$query2\n"; -my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n"; -print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); -print $fh $query1; -print $fh $query2; -close $fh; -$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql'); -$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg'); -$command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle'); -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay'); -`$command`; diff --git a/dialup_admin/bin/showmodem b/dialup_admin/bin/showmodem deleted file mode 100755 index 58040578ba0..00000000000 --- a/dialup_admin/bin/showmodem +++ /dev/null @@ -1,125 +0,0 @@ -#!/usr/bin/perl -# -# This works with Net-SNMP and UCD-SNMP - -$host=shift; -$user=shift; -$comm=shift || "public"; -$type=shift|| "xml"; - -$conf='/usr/local/dialup_admin/conf/admin.conf'; -open CONF, "<$conf" - or die "Could not open configuration file\n"; -while(){ - chomp; - ($key,$val)=(split /:\s*/,$_); - $snmp_type = $val if ($key eq 'general_snmp_type'); - $snmpget = $val if ($key eq 'general_snmpget_command'); - $snmpwalk = $val if ($key eq 'general_snmpwalk_command'); -} -close CONF; - -die "general_snmp_type directive is not set in admin.conf\n" if ($snmp_type eq ''); -die "Could not find snmpwalk binary. Please make sure that the \$snmpwalk variable points to the right location\n" if (! -x $snmpwalk); - -if ($snmp_type = 'ucd') { - $snmpgetcmd="$snmpget $host $comm"; - $snmpwalkcmd="$snmpwalk $host $comm"; -} -if ($snmp_type = 'net') { - $snmpgetcmd="$snmpget -v 1 -c $comm $host"; - $snmpwalkcmd="$snmpwalk -v 1 -c $comm $host"; -} -#DEBUG#print "$snmpwalkcmd\n"; print "$snmpgetcmd\n"; -@ModulationScheme = ( - "error", - "unknown", - "bell103a", - "bell212a", - "v21", - "v22", - "v22bis", - "v32", - "v32bis", - "vfc", - "v34", - "v17", - "v29", - "v33", - "k56flex", - "v23", - "v32terbo", - "v34plus", - "v90", - "v27ter", -); - -@Protocol = ( - "error", - "normal", - "direct", - "reliableMNP", - "reliableLAPM", - "syncMode", - "asyncMode", - "ara10", - "ara20", - "unknown", -); -#DEBUG#print "$snmpwalkcmd enterprises.9.2.9.2.1.18 | grep $user\n"; -$modem=`$snmpwalkcmd enterprises.9.2.9.2.1.18 | grep $user`; -if($modem=~/enterprises\.9\.2\.9\.2\.1\.18\.(\d+) =/){ - $modem=$1; - $slot=(1+int($modem/120)); - $port=$modem%120-1; - $modem="$slot.$port"; - -#DEBUG#print "$snmpgetcmd enterprises.9.9.47.1.3.1.1.9.$modem\n"; - $duration=`$snmpgetcmd enterprises.9.9.47.1.3.1.1.9.$modem` or die "No MIB\n"; - $duration=~/\) (.*)\./; - $duration=$1; - -#DEBUG#print "$snmpgetcmd enterprises.9.9.47.1.3.1.1.12.$modem\n"; - $modulation=`$snmpgetcmd enterprises.9.9.47.1.3.1.1.12.$modem` or die "No MIB\n"; - $modulation=~/ \= (\d+)/; - $modulation=$ModulationScheme[$1]; - -#DEBUG#print "$snmpgetcmd enterprises.9.9.47.1.3.1.1.13.$modem\n"; - $protocol=`$snmpgetcmd enterprises.9.9.47.1.3.1.1.13.$modem` or die "No MIB\n"; - $protocol=~/ \= (\d+)/; - $protocol=$Protocol[$1]; - -#DEBUG#print "$snmpgetcmd enterprises.9.9.47.1.3.1.1.14.$modem\n"; - $txrate=`$snmpgetcmd enterprises.9.9.47.1.3.1.1.14.$modem` or die "No MIB\n"; - $txrate=~/Gauge32\: (\d+)/; - $txrate=$1; - -#DEBUG#print "$snmpgetcmd enterprises.9.9.47.1.3.1.1.15.$modem\n"; - $rxrate=`$snmpgetcmd enterprises.9.9.47.1.3.1.1.15.$modem` or die "No MIB\n"; - $rxrate=~/Gauge32\: (\d+)/; - $rxrate=$1; - -#DEBUG#print "$snmpgetcmd enterprises.9.9.47.1.3.1.1.17.$modem\n"; - $rxsignal=`$snmpgetcmd enterprises.9.9.47.1.3.1.1.17.$modem` or die "No MIB\n"; -# $rxsignal=~ s/INTEGER\://; - $rxsignal=~/ \= (.*)\n/; - $rxsignal=$1; - - if($type eq "xml"){ - print "$user\n"; - print "\t$duration\n"; - print "\t$modulation\n"; - print "\t$protocol\n"; - print "\t$txrate\n"; - print "\t$rxrate\n"; - print "\t$rxsignal dBm\n\n"; - }else{ - printf("%14s\t%s\n","User",$user); - printf("%14s\t%s\n","Duration",$duration); - printf("%14s\t%s\n","Modulation",$modulation); - printf("%14s\t%s\n","Protocol",$protocol); - printf("%14s\t%s\n","TxRate",$txrate); - printf("%14s\t%s\n","RxRate",$rxrate); - printf("%14s\t%s dBm\n\n","RxSignal",$rxsignal); - } -} diff --git a/dialup_admin/bin/snmpfinger b/dialup_admin/bin/snmpfinger deleted file mode 100755 index 5fd04a0330b..00000000000 --- a/dialup_admin/bin/snmpfinger +++ /dev/null @@ -1,50 +0,0 @@ -#!/usr/bin/perl -# -# This works with Net-SNMP and UCD-SNMP - -$host=shift; -$comm=shift || 'public'; -$type=shift || 'cisco'; - -$conf='/usr/local/dialup_admin/conf/admin.conf'; -open CONF, "<$conf" - or die "Could not open configuration file\n"; -while(){ - chomp; - ($key,$val)=(split /:\s*/,$_); - $snmp_type = $val if ($key eq 'general_snmp_type'); - $snmpwalk = $val if ($key eq 'general_snmpwalk_command'); -} -close CONF; - -die "general_snmp_type directive is not set in admin.conf\n" if ($snmp_type eq ''); -die "Could not find snmpwalk binary. Please make sure that the \$snmpwalk variable points to the right location\n" if (! -x $snmpwalk); - -$snmpwalkcmd="$snmpwalk $host $comm" if ($snmp_type = 'ucd'); -$snmpwalkcmd="$snmpwalk -v 1 -c $comm $host" if ($snmp_type = 'net'); - -if ($type eq 'cisco'){ - $walk =`$snmpwalkcmd .iso.org.dod.internet.private.enterprises.9.9.150.1.1.3.1.2`; - if ($walk =~ /^$/ || $walk =~ /No Such Object/){ - $walk =`$snmpwalkcmd .iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3`; - if ($walk =~ /^$/ || $walk =~ /No Such Object/){ - $walk =`$snmpwalkcmd .iso.org.dod.internet.private.enterprises.9.2.9.2.1.18`; - } - } -} -elsif ($type eq 'lucent'){ - $walk =`$snmpwalkcmd .iso.org.dod.internet.private.enterprises.529.10.4.1.12`; -} -elsif ($type eq 'usrhiper'){ - $walk =`$snmpwalkcmd .iso.org.dod.internet.private.enterprises.429.4.10.1.1.18`; -} - -while($walk=~/\"([\@\.\w\-]+?)\"/g){ - $user=lc($1); - if($out) { - $out=$out.",'$user'"; - }else{ - $out="'$user'"; - } -} -print "$out\n"; diff --git a/dialup_admin/bin/sqlrelay_query b/dialup_admin/bin/sqlrelay_query deleted file mode 100755 index 20704e7f7dd..00000000000 --- a/dialup_admin/bin/sqlrelay_query +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/perl -$sqlrelay = '/usr/bin/query'; -$host=shift; -$port=shift; -$socket=shift; -$user=shift; -$passwd=shift; -while(<>){ - chomp; - `$sqlrelay '$host' '$port' '$socket' '$user' '$passwd' '$_'`; - $exit = $? >> 8; - if ($exit != 0){ - exit $exit; - } -} diff --git a/dialup_admin/bin/tot_stats b/dialup_admin/bin/tot_stats deleted file mode 100755 index a521485c815..00000000000 --- a/dialup_admin/bin/tot_stats +++ /dev/null @@ -1,61 +0,0 @@ -#!/usr/bin/perl -use POSIX; -use File::Temp; - -# Log in the totacct table aggregated daily accounting information for -# each user. -# We keep a row per user for each day. -# Works with mysql and postgresql -# - -$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; - - -open CONF, "<$conf" - or die "Could not open configuration file\n"; -while(){ - chomp; - ($key,$val)=(split /:\s*/,$_); - $sql_type = $val if ($key eq 'sql_type'); - $sql_server = $val if ($key eq 'sql_server'); - $sql_username = $val if ($key eq 'sql_username'); - $sql_password = $val if ($key eq 'sql_password'); - $sql_database = $val if ($key eq 'sql_database'); - $sql_accounting_table = $val if ($key eq 'sql_accounting_table'); - $sqlcmd = $val if ($key eq 'sql_command'); -} -close CONF; - -die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq ''); -die "sql command '$sqlcmd' not found or does not seem to be executable\n" if (! -x $sqlcmd); - -if ($sql_type eq 'mysql'){ - $sql_password = (!$sql_password) ? '' : "-p$sql_password"; -} -$sql_password =~ s/(\W)/\\$1/g; - -($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime; -$date_start = POSIX::strftime("%Y-%m-%d %T",0,0,0,($mday - 1),$mon,$year,$wday,$yday,$isdst); -$date_small_start = POSIX::strftime("%Y-%m-%d",0,0,0,($mday - 1),$mon,$year,$wday,$yday,$isdst); -$date_end = POSIX::strftime("%Y-%m-%d %T",0,0,0,$mday,$mon,$year,$wday,$yday,$isdst); - -$query1 = "DELETE FROM totacct WHERE AcctDate = '$date_start';"; -$query2 = "INSERT INTO totacct (UserName,AcctDate,ConnNum,ConnTotDuration, - ConnMaxDuration,ConnMinDuration,InputOctets,OutputOctets,NASIPAddress) - SELECT UserName,'$date_small_start',COUNT(*),SUM(AcctSessionTime), - MAX(AcctSessionTime),MIN(AcctSessionTime),SUM(AcctInputOctets), - SUM(AcctOutputOctets),NASIPAddress FROM radacct - WHERE AcctStopTime >= '$date_start' AND - AcctStopTime < '$date_end' GROUP BY UserName,NASIPAddress;"; -print "$query1\n"; -print "$query2\n"; -my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n"; -print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); -print $fh $query1; -print $fh $query2; -close $fh; -$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql'); -$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg'); -$command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle'); -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay'); -`$command`; diff --git a/dialup_admin/bin/truncate_radacct b/dialup_admin/bin/truncate_radacct deleted file mode 100755 index 22d24fdc0f4..00000000000 --- a/dialup_admin/bin/truncate_radacct +++ /dev/null @@ -1,56 +0,0 @@ -#!/usr/bin/perl -# -# Delete sessions from the radacct table which are older than -# $back_days -# Works with mysql and postgresql -# -use POSIX; -use File::Temp; - -$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; -$back_days = 90; - - -open CONF, "<$conf" - or die "Could not open configuration file\n"; -while(){ - chomp; - ($key,$val)=(split /:\s*/,$_); - $sql_type = $val if ($key eq 'sql_type'); - $sql_server = $val if ($key eq 'sql_server'); - $sql_username = $val if ($key eq 'sql_username'); - $sql_password = $val if ($key eq 'sql_password'); - $sql_database = $val if ($key eq 'sql_database'); - $sql_accounting_table = $val if ($key eq 'sql_accounting_table'); - $sqlcmd = $val if ($key eq 'sql_command'); -} -close CONF; - -die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq ''); -die "sql command '$sqlcmd' not found or does not seem to be executable\n" if (! -x $sqlcmd); - -if ($sql_type eq 'mysql'){ - $sql_password = (!$sql_password) ? '' : "-p$sql_password"; -} -$sql_password =~ s/(\W)/\\$1/g; - -($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime; -$date = POSIX::strftime("%Y-%m-%d %T",$sec,$min,$hour,($mday - $back_days),$mon,$year,$wday,$yday,$isdst); -print "$date\n"; -if (POSIX::strftime("%Y-%m-%d %T",localtime) eq $date){ - die "Could not set correct back date.\n"; -} -$query = ""; -$query = "LOCK TABLES $sql_accounting_table WRITE;" if ($sql_type eq 'mysql'); -$query .= "DELETE FROM $sql_accounting_table WHERE AcctStopTime < '$date' AND AcctStopTime IS NOT NULL ;"; -$query .= "UNLOCK TABLES;" if ($sql_type eq 'mysql'); -print "$query\n"; -my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n"; -print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); -print $fh $query; -close $fh; -$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql'); -$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg'); -$command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle'); -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay'); -`$command`; diff --git a/dialup_admin/conf/accounting.attrs b/dialup_admin/conf/accounting.attrs deleted file mode 100644 index 2ef30e3a509..00000000000 --- a/dialup_admin/conf/accounting.attrs +++ /dev/null @@ -1,20 +0,0 @@ -# Used by the User Accounting, the User finger and the Failed Logins page -# -# For the user finger page only callerid(9) and -# ip address(4) are applicable -# -# For the Failed Logins page only looged in(2), server(7), -# terminate cause(8) and callerid(9) are applicable -# -# attribute number Description Show in Show in Show in -# User Accounting User Finger Failed Logins -# -1 type no no no -2 logged in yes no yes -3 session time yes no no -4 ip address no yes no -5 upload yes no no -6 download yes no no -7 server yes no yes -8 terminate cause yes no yes -9 callerid yes yes yes diff --git a/dialup_admin/conf/admin.conf b/dialup_admin/conf/admin.conf deleted file mode 100644 index b0121f8110c..00000000000 --- a/dialup_admin/conf/admin.conf +++ /dev/null @@ -1,351 +0,0 @@ -# -# Main Configuration File -# -# it can be default or whatever language. Only greek are supported -# from non latin alphabet languages -# These attribute only apply for ldap not for sql -# -general_prefered_lang: en -general_prefered_lang_name: English -# -# The charset which will be added as a meta tag in all pages -# -general_charset: iso-8859-1 -# -# Uncomment this if normal attributes (not the ;lang-xx ones) in ldap -# are utf8 encoded. -# -#general_decode_normal_attributes: yes -# -# The directory where dialupadmin is installed -# -general_base_dir: /usr/local/dialup_admin -# -# The base directory of the freeradius radius installation -# -general_radiusd_base_dir: /usr/local/radiusd -general_domain: company.com -# -# Set it to yes to use sessions and cache the various mappings -# You can also set use_session = 1 in config.php to also cache -# the admin.conf -# -# ---- IMPORTANT -- IMPORTANT -- IMPORTANT ---- -#Remember to use the 'Clear Cache' page if you use sessions and do any changes -#in any of the configuration files. -# -general_use_session: no -# -# This is used by the failed logins page. It states the default back time -# in minutes. -# -general_most_recent_fl: 30 - -# -# Realm setup -# -# Set general_strip_realms to yes in order to stip realms from usernames. -# By default realms are not striped -#general_strip_realms: yes -# -# The delimiter used in realms. Default is @ -# -general_realm_delimiter: @ -# -# The format of the realms. Can be either suffix (realm is after the username) -# or prefix (realm is before the username). Default is suffix -# -general_realm_format: suffix -# - -# -# Determines if the administrator will be able to see and change the user password through -# the user edit page -general_show_user_password: yes - -general_raddb_dir: %{general_radiusd_base_dir}/etc/raddb -general_ldap_attrmap: %{general_raddb_dir}/ldap.attrmap -# Need to fix admin.conf file parser -#general_clients_conf: %{general_raddb_dir}/clients.conf -general_clients_conf: /usr/local/etc/raddb/clients.conf -general_sql_attrmap: %{general_base_dir}/conf/sql.attrmap -general_accounting_attrs_file: %{general_base_dir}/conf/accounting.attrs -general_extra_ldap_attrmap: %{general_base_dir}/conf/extra.ldap-attrmap -general_username_mappings_file: %{general_base_dir}/conf/username.mappings -# -# it can be either ldap or sql -# This affects the user base not accounting. Accounting is always in sql -# -general_lib_type: sql -# -# Define which attributes will be visible in the user edit page -# -general_user_edit_attrs_file: %{general_base_dir}/conf/user_edit.attrs -# -# Used by the Accounting Report Generator -# -general_sql_attrs_file: %{general_base_dir}/conf/sql.attrs -# -# Set default values for various attributes -# -general_default_file: %{general_base_dir}/conf/default.vals -#general_ld_library_path: /usr/local/snmpd/lib -# -# can be 'snmp' (for snmpfinger) or empty to query the radacct table without first -# querying the nas -# This is used by the online users page -# -general_finger_type: snmp -# -# Defines the nas type. This is only used by snmpfinger -# cisco, usrhiper and lucent are supported for now -# -general_nas_type: cisco -general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger -# -# Used by the 'Disconnect User' button in the Clear Open Sessions page -# Uses the Cisco AAA Session MIB or a telnet session -# -general_sessionclear_bin: %{general_base_dir}/bin/clearsession -# -# Can be one of telnet or snmp -# -general_sessionclear_method: snmp -general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient -# -# this information is used from the server check page -# -general_test_account_login: test -general_test_account_password: testpass -# -# These are used as default values for the user test page -# -general_radius_server: localhost -general_radius_server_port: 1812 -# -# can be either pap or chap -# -general_radius_server_auth_proto: pap -# -# sorry, single valued for now. Should become something like -# password[server-name]: xxxxx -# -general_radius_server_secret: XXXXXX -general_auth_request_file: %{general_base_dir}/conf/auth.request -# -# can be one of crypt,md5,clear -# -general_encryption_method: crypt -# -# can be either asc (older dates first) or desc (recent dates first) -# This is used in the user accounting and badusers pages -# -general_accounting_info_order: desc -# -# Use the totacct table in the user statistics page instead of the radacct -# table. That will make the page run quicker. totacct should have data for -# this to work :-) -# -general_stats_use_totacct: no -# -# If set to yes then we only allow each administrator to examine it's own entries -# in the badusers table -# -general_restrict_badusers_access: no -# -# If set to yes then we restrict access to the nas administration page only to those -# users which are allowed by their username mapping (nasadmin is set to yes) -# -general_restrict_nasadmin_access: no - - -INCLUDE: %{general_base_dir}/conf/naslist.conf - -INCLUDE: %{general_base_dir}/conf/captions.conf - -# -# The ldap server to connect to. -# Both ldap_server and ldap_write_server can be a space-separated -# list of ldap hostnames. In that case the library will try to connect -# to the servers in the order that they appear. If the first host is down -# ldap_connect will ask for the second ldap host and so on. -# -ldap_server: ldap.%{general_domain} -# -# There are many cases where we have a small write master and -# a lot of fast read only replicas. If that is the case uncomment -# ldap_write_server and point it to the write master. It will be -# used only when writing to the directory, not when reading -# -#ldap_write_server: master.%{general_domain} -ldap_base: dc=company,dc=com -ldap_binddn: cn=Directory Manager -ldap_bindpw: XXXXXXX -ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base} -ldap_default_dn: uid=default-dialup,%{ldap_base} -ldap_regular_profile_attr: dialupregularprofile -# -# If set to yes then the HTTP credentials (http authentication) -# will be used to bind to the ldap server instead of ldap_binddn -# and ldap_bindpw. That way multiple admins with different rights -# on the ldap database can connect through one dialup_admin interface. -# The ldap_binddn and ldap_bindpw are still needed to find the DN -# to bind with (http authentication will only provide us with a -# username). As a result the ldap_binddn should be able to do a search -# with a filter of (uid=). Normally, the anonymous (empty DN) -# user can do that. -#ldap_use_http_credentials: yes -# -# If we are using http credentials we can map a specific username to the -# directory manager (which usually does not correspond to a specific username) -# -#ldap_directory_manager: cn=Directory Manager -#ldap_map_to_directory_manager: admin -# -# Uncomment to enable ldap debug -# -ldap_debug: true -# -# Allow for defining the ldap filter used when searching for a user -# Variables supported: -# %u: username -# %U: username provided though http authentication -# %mu: mappings for userdb -# %ma: mappings for accounting -# %mn: mappings for nasdb -# %mN: mappings for nas administration -# -# One use of this would be to restrict access to only the user's belonging to -# a specific administrator like this: -# ldap_filter: (&(uid=%u)(manager=uid=%U,ou=admins,o=company,c=com)) -# -#ldap_filter: (uid=%u) -# -# If ldap_userdn is set then we use that for user dns, we don't perform an ldap -# search. This can be somewhat faster. The variables supported for ldap_filter -# are also supported here -# -#ldap_userdn: uid=%u,%{ldap_base} - - -# -# can be one of mysql,pg,oracle,sqlrelay where: -# mysq: MySQL database (port 3306) -# pg: PostgreSQL database (port 5432) -# oracle: Oracle database (port 1521) -# sqlrelay: SQL Relay -# -sql_type: mysql -sql_server: localhost -sql_port: 3306 -sql_username: dialup_admin -sql_password: XXXXXX -sql_database: radius -sql_accounting_table: radacct -sql_badusers_table: badusers -sql_check_table: radcheck -sql_reply_table: radreply -sql_user_info_table: userinfo -sql_groupcheck_table: radgroupcheck -sql_groupreply_table: radgroupreply -sql_usergroup_table: radusergroup -sql_total_accounting_table: totacct -sql_nas_table: nas -# -# If set to true then we show all the available groups with the groups -# that the user is a member of highlighted in the user edit page. -# Otherwise we only show the groups he is a member of. -sql_show_all_groups: true -# -# This variable is used by the scripts in the bin folder -# It should contain the path to the sql binary used to run -# sql commands (mysql, psql, oracle and sqlrelay are only supported for now) -sql_command: /usr/local/bin/mysql -#sql_command: /usr/bin/psql -#sql_command: /usr/bin/sqlplus -# -# This variable is used by the scripts in the bin folder -# It should contain the snmp type and path to the binary -# used to run snmp commands. -# (ucd = UCD-Snmp and net = Net-Snmp are only supported for now) -general_snmp_type: net -general_snmpwalk_command: /usr/local/bin/snmpwalk -general_snmpget_command: /usr/local/bin/snmpget -# -# Uncomment to enable sql debug -# -sql_debug: true -# -# If set to yes then the HTTP credentials (http authentication) -# will be used to connect to the sql server instead of sql_username -# and sql_password. That way multiple admins with different rights -# on the sql database can connect through one dialup_admin interface. -#sql_use_http_credentials: yes -# -# If set the query will be added to all of the queries on the accounting -# table -# Variables supported: -# %u: username -# %U: username provided though http authentication -# %mu: mappings for userdb -# %ma: mappings for accounting -# %mn: mappings for nasdb -# %mN: mappings for nas administration -#sql_accounting_extra_query: %ma - - -# -# true or false -# -sql_use_user_info_table: true -sql_use_operators: true -# -# Set this to the value of the default_user_profile in your -# sql.conf if that one is set. If it is not set leave blank -# or commented out -#sql_default_user_profile: DEFAULT -# -# -sql_password_attribute: User-Password -sql_date_format: Y-m-d -sql_full_date_format: Y-m-d H:i:s -# -# Used in the accounting report generator so that we -# don't return too many results -# -sql_row_limit: 40 -# -# These options are used by the log_badlogins script and by the -# mysql driver -# -# Set the sql connect timeout (secs) -sql_connect_timeout: 3 -# Give a space separated list of extra mysql servers to connect to when -# logging bad logins or adding users in the badusers table -#sql_extra_servers: sql2.company.com sql3.company.com - -# -# Default values for the various user limits in case the counter module -# is used to impose such limits. -# The value should be the user limit in seconds or none for nothing -# Check out conf/sql.attrmap or extra.ldap-attrmap (depending on if you are -# using sql or ldap) for per user attributes. The mapping should be made to -# the attributes configured in the counter module. The attributes used by -# dialupadmin will always be the ones appearing in the attribute mapping files -# so you should make sure they are mapped to the correct attributes -# -#counter_default_daily: 14400 -#counter_default_weekly: 72000 -counter_default_daily: none -counter_default_weekly: none -counter_default_monthly: none -# -# Since calculating monthly usage can be quite expensive we make -# it configurable -# This is not needed if the monthly limit is not none -#counter_monthly_calculate_usage: true - -# some of the date/time related functions need to know what timezone we are in - -timezone: Europe/Luxembourg - diff --git a/dialup_admin/conf/auth.request b/dialup_admin/conf/auth.request deleted file mode 100644 index 6973a1a4bc8..00000000000 --- a/dialup_admin/conf/auth.request +++ /dev/null @@ -1,5 +0,0 @@ -# -# Extra attributes that the test user/check server pages will send to -# the RADIUS server -# -Service-Type = Framed-User diff --git a/dialup_admin/conf/captions.conf b/dialup_admin/conf/captions.conf deleted file mode 100644 index ea345712d5c..00000000000 --- a/dialup_admin/conf/captions.conf +++ /dev/null @@ -1 +0,0 @@ -general_caption_finger_free_lines: free lines diff --git a/dialup_admin/conf/config.php b/dialup_admin/conf/config.php deleted file mode 100644 index 3e25e7acbad..00000000000 --- a/dialup_admin/conf/config.php +++ /dev/null @@ -1,117 +0,0 @@ -= $testVer ) - import_request_variables('GPC'); -# If using sessions set use_session to 1 to also cache the config file -# -$use_session = 0; -unset($config); -unset($nas_list); -if ($use_session){ - // Start session - @session_start(); - if (isset($_SESSION['config'])) - $config = $_SESSION['config']; - if (isset($_SESSION['nas_list'])) - $nas_list = $_SESSION['nas_list']; -} -if (!isset($config)){ - $ARR=file("../conf/admin.conf"); - $EXTRA_ARR = array(); - foreach($ARR as $val) { - $val=chop($val); - if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val)) - continue; - list($key,$v)=preg_split("/:[[:space:]]*/",$val,2); - if (preg_match("/%\{(.+)\}/",$v,$matches)){ - $val=$config[$matches[1]]; - $v=preg_replace("/%\{$matches[1]\}/",$val,$v); - } - if (preg_match("/^nas(\d+)_(\w+)$/",$key,$matches)) - $nas_list[$matches[1]][$matches[2]] = $v; - if ($key == 'INCLUDE'){ - if (is_readable($v)) - array_push($EXTRA_ARR,file($v)); - else - echo "Error: File '$v' does not exist or is not readable
\n"; - } - else - $config["$key"]="$v"; - } - foreach($EXTRA_ARR as $val1) { - foreach($val1 as $val){ - $val=chop($val); - if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val)) - continue; - list($key,$v)=preg_split("/:[[:space:]]*/",$val,2); - if (preg_match("/%\{(.+)\}/",$v,$matches)){ - $val=$config[$matches[1]]; - $v=preg_replace("/%\{$matches[1]\}/",$val,$v); - } - if (preg_match("/^nas(\d+)_(\w+)$/",$key,$matches)) - $nas_list[$matches[1]][$matches[2]] = $v; - $config["$key"]="$v"; - } - } - if ($use_session){ - session_register('config'); - session_register('nas_list'); - } - -} -if ($use_session == 0 && $config[general_use_session] == 'yes'){ - // Start session - @session_start(); - if (isset($nas_list)) - session_register('nas_list'); -} -//Make sure we are only passed allowed strings in username -if ($login != '') - $login = preg_replace("/[^\w\.\/\@\:\-]/",'',$login); - -if ($login != '' && $config[general_strip_realms] == 'yes'){ - $realm_del = ($config[general_realm_delimiter] != '') ? $config[general_realm_delimiter] : '@'; - $realm_for = ($config[general_realm_format] != '') ? $config[general_realm_format] : 'suffix'; - $new = explode($realm_del,$login,2); - if (count($new) == 2) - $login = ($realm_for == 'suffix') ? $new[0] : $new[1]; -} -unset($mappings); -if (isset($_SESSION['mappings'])) - $mappings = $_SESSION['mappings']; -if (!isset($mappings) && $config[general_username_mappings_file] != ''){ - $ARR = file($config[general_username_mappings_file]); - foreach($ARR as $val){ - $val=chop($val); - if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val)) - continue; - list($key,$realm,$v)=preg_split("/:[[:space:]]*/",$val,3); - if ($realm == 'accounting' || $realm == 'userdb' || $realm == 'nasdb' || $realm == 'nasadmin') - $mappings["$key"][$realm] = $v; - if ($realm == 'nasdb'){ - $NAS_ARR = array(); - $NAS_ARR = preg_split('/,/',$v); - foreach ($nas_list as $key => $nas){ - foreach ($NAS_ARR as $nas_check){ - if ($nas_check == $nas[name]) - unset($nas_list[$key]); - } - } - } - } - if ($config[general_use_session] == 'yes') - session_register('mappings'); -} - -date_default_timezone_set($config[timezone]); - -//Include missing.php if needed -if (!function_exists('array_change_key_case')) - include_once('../lib/missing.php'); -@header('Content-type: text/html; charset='.$config[general_charset].';'); -?> diff --git a/dialup_admin/conf/default.vals b/dialup_admin/conf/default.vals deleted file mode 100644 index 94539823c62..00000000000 --- a/dialup_admin/conf/default.vals +++ /dev/null @@ -1,17 +0,0 @@ -# -# Uncomment and edit these lines if you add corresponding default -# values in the users file -# -#Simultaneous-Use: 1 -#Framed-IP-Address: 255.255.255.254 -#Framed-IP-Netmask: 255.255.255.255 -#Framed-MTU: 1500 -#Framed-Protocol: PPP -#Framed-Compression: Van-Jacobson-TCP-IP -#Session-Timeout: 14400 -#Idle-Timeout: 600 -#Port-Limit: 1 -#Max-Weekly-Session: 72000 -#Max-Daily-Session: 14400 -#Login-Time: -#Auth-Type: LDAP diff --git a/dialup_admin/conf/extra.ldap-attrmap b/dialup_admin/conf/extra.ldap-attrmap deleted file mode 100644 index fb0637a27cf..00000000000 --- a/dialup_admin/conf/extra.ldap-attrmap +++ /dev/null @@ -1,12 +0,0 @@ -# -# An extra file for radius -> ldap attribute mapping -# -checkItem Dialup-Lock-Msg radiuslockmsg -checkItem User-Password userpassword -checkItem Regular-Profile radiusProfileDn -checkItem Check-Item radiusCheckItem generic -checkItem Max-Daily-Session radiusMaxDailySession -checkItem Max-Weekly-Session radiusMaxWeeklySession -checkItem Max-Monthly-Session radiusMaxMonthlySession - -replyItem Reply-Item radiusReplyItem generic diff --git a/dialup_admin/conf/naslist.conf b/dialup_admin/conf/naslist.conf deleted file mode 100644 index 567893c3def..00000000000 --- a/dialup_admin/conf/naslist.conf +++ /dev/null @@ -1,31 +0,0 @@ -# -# This file contains the NAS list -# -nas1_name: nas1.%{general_domain} -nas1_model: Cisco 2511 access server -nas1_ip: 147.122.122.121 -nas1_port_num: 16 -nas1_community: public -nas2_name: nas2.%{general_domain} -nas2_model: Cisco 2511 access server -nas2_ip: 147.122.122.123 -nas2_port_num: 16 -nas2_community: public -# -# finger type can also be set per NAS -# snmp: Use snmp to query the NAS -# database: Only query the sql database -# -# If it is not set, general_finger_type is assumed -nas2_finger_type: database -# nas type can also be set per NAS -nas2_type: cisco -nas3_name: nas3.%{general_domain} -nas3_model: Cisco 5300 access server -nas3_ip: 147.122.122.124 -nas3_port_num: 210 -nas3_community: public -# -# sessionclear method can also be set per NAS -# -nas3_sessionclear_method: telnet diff --git a/dialup_admin/conf/sql.attrmap b/dialup_admin/conf/sql.attrmap deleted file mode 100644 index a5a44c90fe3..00000000000 --- a/dialup_admin/conf/sql.attrmap +++ /dev/null @@ -1,52 +0,0 @@ -# -# A mapping between the attributes used by dialup_admin and the attribute -# names that will be stored in the SQL database -# -# Attributes that are not contained in this file are assumed to be reply -# items and map to the same name as the one used by dialup_admin -# -# Format: -# checkItem|replyItem Attribute-In-Dialup-Admin Attribute-In-SQL -# -# -checkItem Auth-Type Auth-Type -checkItem Simultaneous-Use Simultaneous-Use -checkItem Called-Station-Id Called-Station-Id -checkItem Calling-Station-Id Calling-Station-Id -checkItem Dialup-Access none -checkItem Max-Daily-Session Max-Daily-Session -checkItem Max-Weekly-Session Max-Weekly-Session -checkItem Max-Monthly-Session Max-Monthly-Session -checkItem Login-Time Login-Time -checkItem Expiration Expiration - -replyItem Service-Type Service-Type -replyItem Framed-Protocol Framed-Protocol -replyItem Framed-IP-Address Framed-IP-Address -replyItem Framed-IP-Netmask Framed-IP-Netmask -replyItem Framed-Route Framed-Route -replyItem Framed-Routing Framed-Routing -replyItem Filter-Id Filter-Id -replyItem Framed-MTU Framed-MTU -replyItem Framed-Compression Framed-Compression -replyItem Login-IP-Host Login-IP-Host -replyItem Login-Service Login-Service -replyItem Login-TCP-Port Login-TCP-Port -replyItem Callback-Number Callback-Number -replyItem Callback-Id Callback-Id -replyItem Framed-IPX-Network Framed-IPX-Network -replyItem Class Class -replyItem Session-Timeout Session-Timeout -replyItem Idle-Timeout Idle-Timeout -replyItem Termination-Action Termination-Action -replyItem Login-LAT-Service Login-LAT-Service -replyItem Login-LAT-Node Login-LAT-Node -replyItem Login-LAT-Group Login-LAT-Group -replyItem Framed-AppleTalk-Link Framed-AppleTalk-Link -replyItem Framed-AppleTalk-Network Framed-AppleTalk-Network -replyItem Framed-AppleTalk-Zone Framed-AppleTalk-Zone -replyItem Port-Limit Port-Limit -replyItem Login-LAT-Port Login-LAT-Port -replyitem Reply-Message Reply-Message -replyItem Dialup-Lock-Msg Reply-Message -replyItem User-Password User-Password diff --git a/dialup_admin/conf/sql.attrs b/dialup_admin/conf/sql.attrs deleted file mode 100644 index 33b926ae099..00000000000 --- a/dialup_admin/conf/sql.attrs +++ /dev/null @@ -1,28 +0,0 @@ -# Used by the Accounting Report Generator page -# -# Mysql attributes Description Show Use function -# -RadAcctId Accounting Id no -AcctSessionId Session Id no -AcctUniqueId Unique Id no -UserName User Name yes -Realm Realm no -NASIPAddress NAS IP Address yes -NASPortId NAS Port yes -NASPortType NAS Port Type no -AcctStartTime Login Time yes -AcctStopTime Logout Time yes -AcctSessionTime Session Time yes time2str -AcctAuthentic AcctAuthentic no -ConnectInfo_start Start Connect Info no -ConnectInfo_stop Stop Connect Info no -AcctInputOctets Upload yes bytes2str -AcctOutputOctets Download yes bytes2str -CalledStationId CalledStationId no -CallingStationId Caller Id no -AcctTerminateCause Terminate Cause no -ServiceType Service Type no -FramedProtocol Protocol no -FramedIPAddress Client IP Address yes -AcctStartDelay Accounting Start Delay no time2str -AcctStopDelay Accounting Stop Delay no time2str diff --git a/dialup_admin/conf/user_edit.attrs b/dialup_admin/conf/user_edit.attrs deleted file mode 100644 index 8de44862501..00000000000 --- a/dialup_admin/conf/user_edit.attrs +++ /dev/null @@ -1,49 +0,0 @@ -# -# Attributes which will be visible in the user/group edit pages -# -# Format: Attribute Comment -# -# -#Auth-Type Auth-Type -#Simultaneous-Use Simultaneous Use -Framed-Protocol Protocol -Framed-IP-Address IP Address -Framed-IP-Netmask IP Netmask -#Framed-Route Route -#Framed-Routing -#Filter-Id Filter ID -Framed-MTU Framed-MTU -Framed-Compression Compression Used -Service-Type Service Type -#Login-IP-Host -#Login-Service -#Login-TCP-Port -#Callback-Number Callback-Number -#Callback-Id Callback-ID -#Framed-IPX-Network -#Class Class -Session-Timeout Session Timeout -Idle-Timeout Idle Timeout -#Termination-Action -#Login-LAT-Service -#Login-LAT-Node -#Login-LAT-Group -#Framed-AppleTalk-Link -#Framed-AppleTalk-Network -#Framed-AppleTalk-Zone -Port-Limit Port Limit -#Login-LAT-Port -#Dialup-Access Dialup Access (use FALSE to lock) -Dialup-Lock-Msg Lock Message -#Reply-Message Reply-Message -#Max-Daily-Session Daily Limit (secs) -#Max-Weekly-Session Weekly Limit (secs) -#Max-Monthly-Session Monthly Limit (secs) -#Login-Time User Login Period (UUCP Format) -#Expiration User Expiration Date -# -# Uncomment this if you are using ldap and you are using user regular profiles. -# Also make sure that Regular-Profile maps to the correct ldap attribute in -# extra.ldap-attrmap -# -#Regular-Profile User Regular Profile DN diff --git a/dialup_admin/conf/username.mappings b/dialup_admin/conf/username.mappings deleted file mode 100644 index 31803651439..00000000000 --- a/dialup_admin/conf/username.mappings +++ /dev/null @@ -1,21 +0,0 @@ -# Username mappings -# Format: -# Username:realm:query -# -# where realm is: -# accounting: for the map to be used when querying the accounting db -# userdb: for the map to be used when querying the user db -# nasdb: To only map specific NASes to the username (separated by ,) -# nasadmin: To allow the user to use the nas_admin page (yes or no) -# -library-admin:accounting:AND nasipaddress = '123.123.123.123' -library-admin:userdb:AND Admin = 'library-admin' -library-admin:nasdb:nas.lib.company.com -library-admin:nasadmin:no -# -lab-admin:accounting:AND nasipaddress = '123.123.124.123' -lab-admin:userdb:AND Admin = 'lab-admin' -lab-admin:nasdb:nas.lab.company.com -lab-admin:nasadmin:no -# -admin:nasadmin:yes diff --git a/dialup_admin/doc/AUTHORS b/dialup_admin/doc/AUTHORS deleted file mode 100644 index 8ec253f1b8d..00000000000 --- a/dialup_admin/doc/AUTHORS +++ /dev/null @@ -1,30 +0,0 @@ -Kostas Kalevras: kkalev@noc.ntua.gr -Main developper - -Vasilis Pappas: vpappas@noc.ntua.gr -parts of user_edit and user_admin - -Thanasis Duitsis: aduitsis@noc.ntua.gr -Part of accounting report generator - -Panagiotis Christias: christia@noc.ntua.gr -HTML pages layout designer - -Dragan Milivojevic: galileo@MICROSKY.NET -A number of bug reports and a lot of crash testing - -Gary McKinney -A number of bug reports and a lot of crash testing - -Alex Savguira: alexs@ravdata.com -Ido Shavit -Patches for auto generate password - -Nick Marino -A number of bug reports - -Paris Stamatopoulos -The HOWTO document - -Ulrich Walcher -A few attribute help pages diff --git a/dialup_admin/doc/FAQ b/dialup_admin/doc/FAQ deleted file mode 100644 index 9999fd8c83d..00000000000 --- a/dialup_admin/doc/FAQ +++ /dev/null @@ -1,102 +0,0 @@ -> I was wondering if there is any more documentation about howto setup this -> software other than what comes in the README? - -No, there isn't. It's easier for me to write code than to document it :-) -Anyway, I always try to make better documentation. -There's also this FAQ :-) - -> -> When I try to access some page I see the php code instead of html -> - -Make sure that you have configured php to handle files with .php extension - -> -> What tables do I need to create in the MySQL database? - -It depends. -If you are using ldap for user authentication/information then you only need -to create the freeradius sql tables (in order to create the radacct table, -the other tables will just sit around doing nothing) which can be created from a -sql script in the freeradius distribution. If you are runing mysql it is in -src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql - -If you are using mysql for user authentication/information then you will again -need to create the freeradius sql tables and if you want you could also create -the userinfo table to store user information (name,telephone etc) - -You could also create the badusers table if you want the functionality it provides. - -sql scripts to create the badusers and userinfo tables can be found in the -directory sql (of dialup_admin distribution). - -> -> Some attributes are missing from the user/group edit pages -> - -First of all check conf/user_edit.atts and see if the attribute you are interested in is -commented out. If it is just enable it by uncommenting it. If the attribute is not -included in the file add it. If you use SQL check conf/sql.attrmap. If you use LDAP check -${freeradius_install_dir}/etc/raddb/ldap.attrmap and check if the attribute is included in -the attribute mapping. If it is not then add it there also. -Everything should work ok after that. - -> -> When an attribute contains double (") or single (') quotes something goes wrong. -> - -Make sure that magic quotes in PHP are turned off - -> -> The Online Users page does not show me anything -> - -Check conf/admin.conf and especially the comments about general_finger_type. Make sure that bin/snmpfinger -uses the correct snmpwalk command and that it returns the correct results (snmfinger works on cisco access -servers). Try commenting out general_finger_type so that the Online Users page will just query the radacct -table and not try to do a finger on the NAS. - -> Even though I have uncommented Dialup-Access in user_edits.attrs, when -> editing a user, that field is not available. Is this because in sql.attrmap -> I have: -> -> checkItem Dialup-Access none -> -> What should the attribute be? - -Dialup-Access is an attribute used by the ldap module. It is not implemented in -the sql module, that's why the mapping is set to none. -You could set Auth-Type to Reject instead. - -> Why do the personal information fields show multiple -> entries for attributes like name, department, etc in the user_admin page? -> Is there a way to remove the duplicate fields in the display? - -Set general_prefered_lang to en - - -> -> After I make a few changes in one of the configuration files things only work like they worked before -> - -If you are using sessions then remember to use the 'Clear Cache' page after making any changes - -> -> When i try to access a dynamic web page it only shows a blank white page -> - -You may have not enabled support for the corresponding sql driver in PHP. If you are also using ldap, check for -php ldap support. - -> -> It is still not working -> - -Check that the register_globals in php.ini is set to on. As of PHP 4.2.0 this is set to off by default. The latest -versions of dialup_admin will work even if register_globals is set to off if the php version is > 4.1.0 -(Thanks to Evren Yurtesen for the suggestion). - -In latest versions you can also enable sql debug (sql_debug: true) and ldap debug (ldap_debug: true) - --- -kkalev diff --git a/dialup_admin/doc/HELP_WANTED b/dialup_admin/doc/HELP_WANTED deleted file mode 100644 index c5c7b81a573..00000000000 --- a/dialup_admin/doc/HELP_WANTED +++ /dev/null @@ -1,7 +0,0 @@ -What you can contribute: - -o Billing and statistics pages. Fancy bars and diagrams are needed for dialup_admin to be complete. - -o Documentation. - -o Attribute help pages like those that already exist. diff --git a/dialup_admin/doc/HOWTO b/dialup_admin/doc/HOWTO deleted file mode 100644 index 4fb4ae46375..00000000000 --- a/dialup_admin/doc/HOWTO +++ /dev/null @@ -1,726 +0,0 @@ - -Dialup Admin HOWTO ------------------- - -Version 0.1 Sun Oct 26 04:03:00 EET 2003 - - -1. Installation - 1.1 Obtaining Dialup Admin - 1.2 Prerequisities - 1.3 Installing & System Configuration - 1.3.1 Unpacking & Installation - 1.3.2 Apache Configuration - 1.3.2.1 Enabling PHP Support On Apache - 1.3.2.2 Creating a more secure web interface - 1.3.3 Creating the mySQL Tables - -2. Configuration - 2.1 Configuration Options - 2.1.1 General Options - 2.1.2 Realms Options - 2.1.3 LDAP/SQL Options - 2.1.4 NAS Quering - 2.1.5 Test Variables - 2.1.6 Encryption Methods - 2.1.7 NAS Informations - 2.1.8 LDAP Options - 2.1.9 SQL Options - 2.1.10 Limits Timers - 2.1.11 Various Options - 2.2 The bin/ scripts - 2.2.1 The snmpfinger script - 2.2.2 The log_badlogins script - 2.2.3 The clean_radacct script - 2.2.4 The truncate_radacct script - 2.2.5 The tot_stats script - 2.2.6 The monthly_tot_stats script - 2.3 User Attributes - 2.4 Finishing Off - - -3. Troubleshooting - 3.1 When I try to access some page I see the php code instead of html - 3.2 When an attribute contains double (") or single (') quotes - something goes wrong - 3.3 Even though I have uncommented Dialup-Access in user_edits.attrs, - when editing a user, that field is not available... - 3.4 Why do the personal information fields show multiple entries for - attributes like name, department, etc in the user_admin page? - 3.5 After I make a few changes in one of the configuration files - things only work like they worked before - 3.6 It is still not working - -4. HOWTO Information - -1. Installation ---------------- - -This section will take you step by step to create system suitable for -dialup admin to run properly. - - -[1.1] Obtaining Dialup Admin - -Dialup_admin is included with FreeRADIUS. - -[1.2] Prerequisities - -Dialup Admin requires the following in order to have full functionality: -o PHP Obtained at: http://www.php.net -o Date::Manip Perl Module Obtained at: http://www.cise.ufl.edu/~sbeck/ - -[1.3] Installing & System Configuration - -At this point we presume that either you have successfully installed PHP and -Date::Manip Perl Module or that your distribution has came with both of them -precompiled and already installed. - -[1.3.1] Unpacking and installation - -shell> cd freeradius-server-VERSION -shell> mv dialup_admin /usr/local - -The dialup admin contains a number of directories necessary for the program -to operate. Let's concentrate on the htdocs directory. This directory -contains the php scripts needed. In order to have it accessable through -our web server we must set a symbolic link between the two locations. -We presume that the DefaultRoot of the Apache Web Server is /var/www/htdocs - -shell> ln -s /usr/local/dialup_admin/htdocs /var/www/htdocs/dialup - -[1.3.2] Apache Configuration - -[1.3.2.1] Enabling PHP Support on Apache - -Apache must be configured to execute PHP scripts. In order to do so locate -the httpd.conf file (for Slackware Linux this is /etc/apache). We must -enter the following lines inside the httpd.conf - -LoadModule php4_module libexec/libphp4.so -AddModule mod_php4.c -AddType application/x-httpd-php .php -AddType application/x-httpd-php .php # This is most important since many of the PHP scripts of Dialup Admin have this extension - -[1.3.2.2] Creating a more secure web interface. - -Since dialup admin does not come with any kind of administrators authorisation -of its own it would be safe to protect this ourselves. - -Add the following to your httpd.conf file: - - - AuthName "Restricted Area" - AuthType Basic - AuthUserFile /var/www/.htpasswd - require valid-user - - -Changing of course the directory path to match yours as well as the -AuthUserFile argument to point to the place where the usernames/passwords -are stored. - -In order to create the htpasswd file the htpasswd utility is required -(It is provided with the apache web server) - -Let's create our first user: - -shell> htpasswd -c /var/www/.htpasswd -m administrator password - -Note: The -c argument should not be used from that point on since it creates - a new password file. - -On the next restart of apache the dialup/ directory is only accessable by a -username/password verification which in our case is administrator:password - -The HTTP authentication we have just configured can be used by dialupadmin -when connecting to the ldap and sql databases (see sections on sql and ldap -options). - -At this point when we connect to the url http://localhost/dialup we should -see the Dialup Admin pages - -[1.3.3] Creating the mySQL tables - -In order to have dialup admin work to the maximum you should create a few -tables in your mySQL. We assume at this point you have a fair ammount of mySQL -knowledge and have a mySQL running somewhere on your network. - -First of all you should create a database for all the tables to be stored into -it. We will call this radius. - -shell> mysql -h mysql.host.com -u username -p - -mysql> CREATE DATABASE radius; -mysql> exit - -This step is only necessary if you haven't already created a corresponding database -for the freeradius server. - -At dialup_admin/sql there are four files containg the SQL command to create -the required tables. This is done as follows: - -shell> mysql -h mysql.host.com -u username -p radius < badusers.sql -shell> mysql -h mysql.host.com -u username -p radius < mtotacct.sql -shell> mysql -h mysql.host.com -u username -p radius < totacct.sql -shell> mysql -h mysql.host.com -u username -p radius < userinfo.sql - -The userinfo table though is only needed if you want to keep your user database in sql. -If you keep your users in ldap then it's not needed. - -NOTE: Remember we named our database "radius". Have you named it somewhat - different replace the "radius" argument on the above commands with - the name you used - -2. Configuration ----------------- - -This is the most important part of this document since the configuration must -match your needs. -The configuration file is located at dialup_admin/conf/admin.conf - -[2.1] Configuration Options - -A few variables must be set to the correct values in order for dialup admin -to work. - - -[2.1.1] General Options - - -General configuration options - -> general_base_dir: /usr/local/dialup_admin - -This is the location where we have installed dialup admin. -Refer to section 1.3.1 for more information - -> general_radiusd_base_dir: /usr/local/bin - -This is the location where the radiusd binary and various radius -related programs resides. Check where FreeRadius has been installed - -> general_domain: domain.gr - -Set the domain name of your network. - - -[2.1.2] Realms Options - - -For more informations on realms consult the documentations provided -with FreeRadius under the doc/ directory - -> general_strip_realms : yes - -Should Dialup Admin strip the realm from the username when displaying this? -Values: Yes / No (Default Yes) - -> general_realm_delimiter: @ - -The delimiter used in realms. Default is @ - -> general_realm_format: suffix - -The format of the realms. Can be either suffix (realm is after the username) -or prefix (realm is before the username). Default is suffix - - -[2.1.3] LDAP/SQL Options - - -Options that specifies the way dialup admin handles users. SQL or LDAP - -> general_lib_type: sql - -This can have as values either ldap or sql. - -For the following values there shouldn't be any need for changes - -> general_ldap_attrmap: /etc/raddb/ldap.attrmap -> general_sql_attrmap: %{general_base_dir}/conf/sql.attrmap -> general_extra_ldap_attrmap: %{general_base_dir}/conf/extra.ldap-attrmap -> general_user_edit_attrs_file: %{general_base_dir}/conf/user_edit.attrs -> general_sql_attrs_file: %{general_base_dir}/conf/sql.attrs -> general_default_file: %{general_base_dir}/conf/default.vals - - -[2.1.4] NAS Quering - - -In general the nas quering provides the dialup admin with information -regarding the Online Users. - -> general_finger_type: snmp - -What should be the default quering method of the nas. It can be 'snmp' (for snmpfinger) -or empty to query the radacct table without first querying the nas - -> general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger - -This probably does not need to be changed -For now snmpfinger will only work with Cisco equipment. - -> general_radclient_bin: /usr/local/bin/radclient - -Must point to the radclient binary - -> general_nas_type: cisco - -Defines the nas type. This is only used by snmpfinger -cisco and lucent are supported for now - - -[2.1.5] Test Variables - - -The following variables which are self explained are being used while the -"Check Server" button is being pressed to verify that the radius server -is working. The username and password must be of a valid dialup account - -> general_test_account_login: dummy -> general_test_account_password: dummy_password - -> general_radius_server: localhost - -The hostname where the FreeRadius Server runs - -> general_radius_server_port: 1645 - -The port that FreeRadius uses on the hostname - -> general_radius_server_auth_proto: chap - -The method of connecting. Could be either 'chap' or 'pap' - -> general_radius_server_secret: secret_password - -The secret of the server that dialup admin should use while connecting. - -NOTE: You must have a correct entry in clients.conf for the host running - the dialup admin. For more information consult the documentations - that come with FreeRadius - -> general_auth_request_file: %{general_base_dir}/conf/auth.request - -The file conf/auth.request contains the options passed while the -authentification is performed. Should you need to add anything edit this file - - -[2.1.6] Encryption Method - - -> general_encryption_method: md5 - -How the passwords of the users are stored (or should be) in the database. -Could be 'clear', 'md5', 'des'. See Also Section 2.1.9 - - -[2.1.7] NAS Information - - -> nas1_name: host.%{general_domain} - -The name of the NAS. Only the host must be replaced to match yours, -provided that the nas are on the general_domain specified above - -> nas1_model: Lucent - -The model of the NAS. - -> nas1_ip: 10.0.0.1 - -The IP of the NAS - -> nas1_port_num: 120 - -The port number to connect to on the NAS - -> nas1_community: community string - -The community string used by the nas for queries via snmp - -> nas1_finger_type: snmp - -The finger type for the specific nas. Comment out to use the -general_finger_type from above. - -> nas1_type: cisco - -The nas type for the specific nas. Comment out to use the -general_nas_type from above. - - -[2.1.8] LDAP Options - - ->ldap_server: ldap.%{general_domain} - -The ldap server to connect to -Both ldap_server and ldap_write_server can be a space-separated -list of ldap hostnames. In that case the library will try to connect -to the servers in the order that they appear. If the first host is down -ldap_connect will ask for the second ldap host and so on. - ->ldap_write_server: master.%{general_domain} - -There are many cases where we have a small write master and -a lot of fast read only replicas. If that is the case uncomment -ldap_write_server and point it to the write master. It will be -used only when writing to the directory, not when reading - ->ldap_base: dc=company,dc=com - -The LDAP base for the ldap searches - ->ldap_binddn: cn=Directory Manager ->ldap_bindpw: XXXXXXX - -The DN and password which will be used to bind to the LDAP server. If we don't use -http credentials (see below) than these setting will be used for all ldap operations -(both searches and modifies/adds). - ->ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base} - -The LDAP suffix under which all new user entries created through the new user -page will be placed - ->ldap_default_dn: uid=default-dialup,%{ldap_base} - -The DN of an ldap entry containing radius user settings which will be -applied for all users. Though these settings are applied *before* the -regular profile and per user settings, so they can be easily overwritten. -That way we could for example set Session-Timeout to 4 hours for all our users -and set it to a lower/higher value for specific users or groups of users - ->ldap_regular_profile_attr: dialupregularprofile - -The ldap attribute which if present in a user entry will contain the DN -of another ldap entry specifying radius user settings (check and reply items). -That way we can keep these settings in only one entry and assign them to each -user that we want through the regular profile attribute. - ->ldap_use_http_credentials: yes - -If set to yes then the HTTP credentials (http authentication) -will be used to bind to the ldap server instead of ldap_binddn -and ldap_bindpw directives. That way multiple admins with different rights -on the ldap database can connect through one dialup_admin interface. -The ldap_binddn and ldap_bindpw are still needed to find the DN of the user -to bind with (http authentication will only provide us with a -username). As a result the ldap_binddn should be able to do a search -with a filter of (uid=). Normally, the anonymous (empty DN) -user can do that. - ->ldap_directory_manager: cn=Directory Manager ->ldap_map_to_directory_manager: admin - -If we are using http credentials we can map a specific username to the -directory manager entry (which usually does not correspond to a specific username) - -> ldap_debug: true - -Set to true to enable ldap debugging - ->ldap_filter: (uid=%u) - -Allow for defining the ldap filter used when searching for a user -Variables supported: -%u: username -%U: username provided though http authentication - -One use of this would be to restrict access to only the user's belonging to -a specific administrator like this: -ldap_filter: (&(uid=%u)(manager=uid=%U,ou=admins,o=company,c=com)) - - -[2.1.9] SQL Options - -> sql_type: mysql - -The type of the database. Currenty dialup admin support mySQL ('mysql') -and PostgreSQL('pg') - -> sql_server: localhost -> sql_port: 3306 -> sql_username: radius -> sql_password: XXXXX - -Information regargind the SQL database such as hostname, port, -username and password to be used for connection - -NOTE: The default port for mySQL is 3306 while for PostgreSQL is 5432. - The Username and password are ones set in the database. Creating a - new username is behond the scope of this documentation. - -> sql_database: radius - -The database where all our tables are stored. Read section 1.3.3 - -> sql_accounting_table: radacct -> sql_check_table: radcheck -> sql_groupcheck_table: radgroupcheck -> sql_groupreply_table: radgroupreply -> sql_reply_table: radreply - -The above tables are the ones used also directly through FreeRadius. -The SQL file containing the way to create these tables are at -freeradius-x.x.x/src/modules/rlm_sql/drivers/rlm_sql_/db_.sql - -For more information consult the documentation of FreeRadius - -> sql_badusers_table: badusers -> sql_user_info_table: userinfo -> sql_usergroup_table: usergroup -> sql_total_accounting_table: totacct - -These are the tables created during section 1.3.3. -There shouldn't be any need to change those - -> sql_use_user_info_table: true -> sql_use_operators: true - -Could be true or false - -> sql_default_user_profile: DEFAULT - -Set this to the value of the default_user_profile in your sql.conf if -that one is set. If it is not set leave blank or commented out - -> sql_password_attribute: User-Password - -The password attribute. Should be User-Password if encryption method -is clear (See section 2.1.6) or Crypt-Password if either md5 or des is choosed - -> sql_date_format: Y-m-d -> sql_full_date_format: Y-m-d H:i:s - -The date format - -> sql_row_limit: 40 - -The row limit used in the accounting page in order to limit the output - -> sql_connect_timeout: 3 -> sql_extra_servers: sql2.company.com sql3.company.com - -The above options are used by bin/log_badlogins (See Section 2.x.x) -The sql_connect_timeout is also used by the mysql driver and the sql_extra_servers -is also used when adding users in the badusers table - -> sql_debug: false - -Set to true to enable SQL debugging - -> sql_use_http_credentials: no - -If set to yes then the HTTP credentials (http authentication) will be used -to connect to the sql server instead of sql_username and sql_password. -That way multiple admins with different rights on the sql database can -connect through one dialup_admin interface. - -> sql_command: /usr/local/bin/mysql -This variable is used by the scripts in the bin folder -It should contain the path to the sql binary used to run -sql commands (mysql is only supported for now) - - -[2.1.10] Limits Timers - -> counter_default_daily: 14400 -> counter_default_weekly: 72000 -> counter_default_monthly: none - -The dialup limit displayed on the Dialup Admin. Set to none for no limit - - -[2.1.11] Various Options - - -> general_accounting_info_order: desc - -Can be either asc (older dates first) or desc (recent dates first) - -> general_stats_use_totacct: no - -Use the totacct table for statistics - -> general_use_session: yes - -Set it to yes to use sessions and cache the various mappings. You can also -set use_session = 1 in config.php to also cache the admin.conf - -NOTE: Remember to use the 'Clear Cache' page if you use sessions and - do any changes in any of the configuration files. - -> general_most_recent_fl: 30 - -This is used by the failed logins page. It states the default back time -in minutes. - -> general_prefered_lang: el -> general_prefered_lang_name: Greek - -It can be default or whatever language. Only greek are supported from -non latin alphabet languages. These attribute only apply for ldap not for sql - -> general_charset: iso-8859-1 - -The charset which will be added as a meta tag in all pages - -> general_decode_normal_attributes: no - -Uncomment this if normal attributes (not the ;lang-xx ones) in ldap -are utf8 encoded. - - -[2.2] The bin/ scripts - - -[2.2.1] The snmpfinger script - -This script make an snmp request to the nas server to retrieve -the online users directly from the NAS and is being used by dialup admin -when general_finger_type: snmp is set (or the per nas equivelant -directive). (See section 2.1.4). - -You also must have installed the net-snmp package obtained at -http://www.net-snmp.org - -The snmpfinger script must be edited in order to point to the correct -snmpwalk binary. - -Edit the line $SNMPWALK="/usr/local/bin/snmpwalk"; to represent the location -of snmpwalk binary - -Besides that the snmpfinger uses MIBs only for the CISCO XXXX NAS or for Lucent -equipment (at least for the MAX 3000) which may not work if your NAS is different. - -However the snmpfinger is not actually required if your accounting -is working properly. - -[2.2.2] The log_badlogins script - -The log_badlogins scripts actually does a tail -f to the radius.log and -intercepts any authentification failure and passes it to the database. -If you are interested in having the Failed Logins on the Dialup Admin -you should execute it once like this: - -bin/log_badlogins /var/log/radius/radius.log /usr/local/dialup_admin/conf/admin.conf& - -Of cource the proper file locations must be set - -Also log_badlogins will concatenate the client shortname and the general_domain variable -defined in admin.conf in order to find the nas ip address. So it is important to make sure -that $client_shortname.$domain resolves to the correct nas ip address. -regular expression matching is also supported. If the $regexp variable is set then -only failed login lines matching the regular expression will be logged. - -[2.2.3] The clean_radacct script - -The clean_radacct script can be used to clear the database of stale open sessions -(sessions for which an Accounting-Stop has not been received hence they remain open) -The $back_days variable can be changed to specify how many days we should leave the -sessions open before removing them. Make sure though that all your user sesions are -short lived (no DSL users for example) before using the script. If that is not the -case edit the sql query to only match short lived sessions (depending on the NAS-Port-Type -for example). - -[2.2.4] The truncate_radacct script - -The truncate_radacct script can be used to delete all sessions which are older than a -specified number of days. This number can be changed through the $back_days variable. -The script will do a lock tables so make sure you run it during the night when the traffic -is low. It will also only delete *closed* session, so the clean_radacct script should be -used together to clear the possible open sessions. - -[2.2.4] The tot_stats script - -This script will log aggregated per user information in the totacct table. It will log a row -per user, per day. It should be run *once* every day to create the corresponding entries in -the totacct table. The general_stats_use_totacct configuration directive could then be set to -yes in order for the statistics page to use the totacct table instead of the radacct table. - -[2.2.5] The monthly_tot_stats script - -This script can be used to aggregate the information from the totacct table into the mtotacct table -creating aggregated accounting information for each spaning in one month period. If the current -month has not ended it will log information up to the current month day. It should be run once -a day to create the corresponding entries in the mtotacct table. - - -[2.3] User Attributes - -First of all check conf/user_edit.atts and see if the attribute you are -interested in is commented out. If it is just enable it by uncommenting it. -If the attribute is not included in the file add it. - -If you use SQL check conf/sql.attrmap. Attributes that are not contained in this file -are assumed to be reply items and map to the same name as the one used by dialup_admin - -If you use LDAP check ${freeradius_install_dir}/etc/raddb/ldap.attrmap -and check if the attribute is included in the attribute mapping. - -If it is not then add it there also.Everything should work ok after that. - -[2.4] Finishing - -The above sections should propably have brought you to a working dialup admin. -Note however that if you are interested in logging the failed logins -(See section 2.3.2) you should execute the log_badlogins each time -the system starts. - - -3. Troubleshooting --------------------------- - -[3.1] When I try to access some page I see the php code instead of html - -See section 1.3.2.1 - -[3.2] When an attribute contains double (") or single (') quotes - something goes wrong - -Make sure that magic quotes in PHP are turned off - -[3.3] Even though I have uncommented Dialup-Access in user_edits.attrs, - when editing a user, that field is not available... - -...Is this because in sql.attrmap -I have: - -checkItem Dialup-Access none - -What should the attribute be? - -Dialup-Access is an attribute used by the ldap module. It is not implemented in the sql module, that's why the mapping is set to none. -You could set Auth-Type to Reject instead. - -[3.4] Why do the personal information fields show multiple entries for - attributes like name, department, etc in the user_admin page? - -Set general_prefered_lang to en - -[3.5] After I make a few changes in one of the configuration files things - only work like they worked before - -If you are using sessions then remember to use the 'Clear Cache' page after -making any changes. See Section 2.1.11 - -[3.6] It is still not working - -Check that the register_globals in php.ini is set to on. As of PHP 4.2.0 -this is set to off by default. The latest versions of dialup_admin will work -even if register_globals is set to off if the php version is > 4.1.0 -(Thanks to Evren Yurtesen for the suggestion). - -In latest versions you can also enable sql debug (sql_debug: true) -and ldap debug (ldap_debug: true) - - -4. HOWTO Information ---------------------------------- - -This document is distributed under the terms of the GPL (GNU Public License). -Paris Stamatopoulos (main author) -Kostas Kalevras (a few additions) diff --git a/dialup_admin/doc/TODO b/dialup_admin/doc/TODO deleted file mode 100644 index 90abd8536d2..00000000000 --- a/dialup_admin/doc/TODO +++ /dev/null @@ -1,21 +0,0 @@ -* Minimize database (ldap,mysql) connections. -* Clean up html code to make it smaller -* More messages -* Multilanguage support for ldap attributes -* Add language attributes in user_new.php -* Finger facility. Should find a way to make it work with all nases. That will - mean that it should be made modular and fall back to simple queries to the - sql db if it cannot get user info from the nas server -* Check out dbx library. It seems very promising for database independent code. - We 'll see where it goes. -* Add billing and statistics pages. Billing is a must. The page should also create - reports which could be printed or sent by email to the users containing their billing - information. We also need more statistics pages with fancy bars and diagrams. Ideas - are welcome. -* Parse the radius dictionary files so that we can show a pull down menu of possible values - for various attributes. -* Also be able to keep username mappings in sql. Create an administration page -* Improve sqlrelay support -* Make the userinfo attributes configurable and create calculation formulas.Like: - Attribute-Name:DB-Attribute:Internal-Attribute:Initial-Value:Editable - Administrator:admin:admin:%U:No diff --git a/dialup_admin/htdocs/about.html b/dialup_admin/htdocs/about.html deleted file mode 100644 index 65172e8f312..00000000000 --- a/dialup_admin/htdocs/about.html +++ /dev/null @@ -1,52 +0,0 @@ - - -About page - - - - - - - - -

-
- - - - - -

- - -

dialup_admin About Page

- - -

-
- -
-A web based administration interface for the freeradius radius server
-written in PHP4 -

-Copyright (C) 2001,2002 Kostas Kalevras -

-

-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation; either version
-2 of the License, or (at your option) any later version.
-

-
-Authors:
Kostas Kalevras (kkalev at noc.ntua.gr)
-Basilis Pappas (vpappas at noc.ntua.gr)
-Panagiotis Christias (christia at noc.ntua.gr)
-Thanasis Duitsis (aduitsis at noc.ntua.gr) - -
-

- - diff --git a/dialup_admin/htdocs/accounting.php b/dialup_admin/htdocs/accounting.php deleted file mode 100644 index 57a6897c303..00000000000 --- a/dialup_admin/htdocs/accounting.php +++ /dev/null @@ -1,309 +0,0 @@ - - -Accounting Report Generator - - - - - -Could not include SQL library functions. Aborting - - -EOM; - exit(); -} - -$operators=array( '=','<', '>', '<=', '>=', '!=', 'regexp', 'like', 'not like' ); -if ($config[sql_type] == 'pg'){ - $operators=array( '=','<', '>', '<=', '>=', '~', 'like', '~*', '~~*', '<<=' ); -} - -$link = @da_sql_pconnect ($config) or die('cannot connect to sql databse'); -$fields = @da_sql_list_fields($config[sql_accounting_table],$link,$config); -$no_fields = @da_sql_num_fields($fields,$config); - -unset($items); - -for($i=0;$i<$no_fields;$i++){ - $key = strtolower(@da_sql_field_name($fields,$i,$config)); - $val = $sql_attrs[$key][desc]; - if ($val == '') - continue; - $show = $sql_attrs[$key][show]; - $selected[$key] = ($show == 'yes') ? 'selected' : ''; - $items[$key] = "$val"; -} -asort($items); - -class Qi { - var $name; - var $item; - var $_item; - var $operator; - var $type; - var $typestr; - var $value; - function Qi($name,$item,$operator) { - $this->name=$name; - $this->item=$item; - $this->operator=$operator; - } - - function show() { global $operators; - global $items; - $nam = $this->item; - echo << - $items[$nam] - - - - - - - -EOM; - } - - function get($designator) { global ${"item_of_$designator"}; - global ${"value_of_$designator"}; - global ${"operator_of_$designator"}; - if(${"item_of_$designator"}){ - $this->value= ${"value_of_$designator"}; - $this->operator=${"operator_of_$designator"}; - $this->item=${"item_of_$designator"}; - } - } - function query(){ - global $operators; - global $items; - return $items[$this->item]." $this->operator '$this->value'"; - } -} - -?> - - -Accounting Report Generator - - - - - - - - - - -

-Show the following attributes:
- -EOM; - -foreach($items as $key => $val) - if ($val == 'username') - echo <<$val -EOM; - else - echo <<$val -EOM; - -echo << -

-Max results returned:
- -

- - - - -EOM; - -$number=1; -$offset=0; -while (${"item_of_w$number"}) { - if(${"delete_w$number"}==1) {$offset=1;$number++;} - else { - $designator=$number-$offset; - ${"w$designator"} = new Qi("w$designator","",""); - ${"w$designator"}->get("w$number"); - ${"w$designator"}->show(); - $number++; - } - } -if($add==1) { - ${"w$number"} = new Qi("w$number","$item_name","$operators[0]"); - ${"w$number"}->show(); - } -echo << - - - - -

-Selection criteria: -

- -
-

- - - -EOM; - -} - -if ($queryflag == 1){ -$i = 1; -while (${"item_of_w$i"}){ - $op_found = 0; - foreach ($operators as $operator){ - if (${"operator_of_w$i"} == $operator){ - $op_found = 1; - break; - } - } - if (!$op_found) - die("Operator passed is not valid. Exiting abnormaly."); - ${"item_of_w$i"} = preg_replace('/\s/','',${"item_of_w$i"}); - ${"value_of_w$i"} = da_sql_escape_string(${"value_of_w$i"}); - $where .= ($i == 1) ? ' WHERE ' . ${"item_of_w$i"} . ' ' . ${"operator_of_w$i"} . " '" . ${"value_of_w$i"} . "'" : - ' AND ' . ${"item_of_w$i"} . ' ' . ${"operator_of_w$i"} . " '" . ${"value_of_w$i"} . "'" ; - $i++; -} - -$order = ($order_by != '') ? "$order_by" : 'username'; - -if (preg_match("/[\s;]/",$order)) - die("ORDER BY pattern is illegal. Exiting abnornally."); - -if (!is_numeric($maxresults)) - die("Max Results is not in numeric form. Exiting abnormally."); - -unset($query_view); -foreach ($accounting_show_attrs as $val) - $query_view .= $val . ','; -$query_view = preg_replace('/,$/','',$query_view); -unset($sql_extra_query); -if ($config[sql_accounting_extra_query] != '') - $sql_extra_query = xlat($config[sql_accounting_extra_query],$login,$config); - $sql_extra_query = da_sql_escape_string($sql_extra_query); -$query="SELECT " . da_sql_limit($maxresults,0,$config) . " $query_view FROM $config[sql_accounting_table] - $where $sql_extra_query " . da_sql_limit($maxresults,1,$config) . - " ORDER BY $order " . da_sql_limit($maxresults,2,$config) . ";"; - -echo << - - - - -
- - - - - -

- - -

- Accounting Report Generator -

- - -

- - - -EOM; -foreach($accounting_show_attrs as $val){ - $desc = $sql_attrs[$val][desc]; - echo "\n"; -} -echo "\n"; - - $search = @da_sql_query($link,$config,$query); - if ($search){ - while( $row = @da_sql_fetch_array($search,$config) ){ - $num++; - echo "\n"; - foreach($accounting_show_attrs as $val){ - $info = $row[$val]; - if ($info == '') - $info = '-'; - $info = $sql_attrs[$val][func]($info); - if ($val == 'username'){ - $Info = urlencode($info); - $info = "$info "; - } - echo <<$info -EOM; - } - echo "\n"; - } - } - else - echo "Database query failed: " . da_sql_error($link,$config) . "
\n"; -echo << - -
$desc
-

- - -EOM; -} -?> diff --git a/dialup_admin/htdocs/badusers.php b/dialup_admin/htdocs/badusers.php deleted file mode 100644 index d2e590e0f63..00000000000 --- a/dialup_admin/htdocs/badusers.php +++ /dev/null @@ -1,231 +0,0 @@ - - -Unauthorized Service Usage History for $login - - - - - -Could not include SQL library functions. Aborting - - -EOM; - exit(); -} - -$now = time(); -$now_str = ($now_str != '') ? "$now_str" : date($config[sql_date_format],$now + 86400); -$prev_str = ($prev_str != '') ? "$prev_str" : "0001-01-01 00:00:00"; - -$now_str = da_sql_escape_string($now_str); -$prev_str = da_sql_escape_string($prev_str); - -$num = 0; -$pagesize = ($pagesize) ? $pagesize : 10; -if (!is_numeric($pagesize) && $pagesize != 'all') - $pagesize = 10; -$limit = ($pagesize == 'all') ? '' : "$pagesize"; -$selected[$pagesize] = 'selected'; -$login = ($login != '') ? $login : 'anyone'; -$usercheck = ($login == 'anyone') ? "LIKE '%'" : "= '$login'"; -$order = ($order != '') ? $order : $config[general_accounting_info_order]; -if ($order != 'desc' && $order != 'asc') - $order = 'desc'; -$selected[$order] = 'selected'; - -echo << -Unauthorized Service Usage History for $login - - - - - - - - - -

-EOM; - -if ($login != 'anyone'){ - echo << -EOM; - -include("../html/user_toolbar.html.php"); - -print << -EOM; -} - -if ($do_delete == 1 && ($row_id != 0 && is_numeric($row_id))){ -$link = @da_sql_connect($config); -if ($link){ - $search = @da_sql_query($link,$config, - "SELECT id,admin FROM $config[sql_badusers_table] - WHERE id = '$row_id';"); - if ($search){ - $row = @da_sql_fetch_array($search,$config); - if ($row[id] == $row_id){ - $admin = "$row[admin]"; - if (($admin != '-' && $_SERVER["PHP_AUTH_USER"] == $admin) || $admin == '-'){ - $sql_servers = array(); - if ($config[sql_extra_servers] != '') - $sql_servers = explode(' ',$config[sql_extra_servers]); - $sql_servers[] = $config[sql_server]; - foreach ($sql_servers as $server){ - $link2 = @da_sql_host_connect($server,$config); - if ($link2){ - $r = da_sql_query($link2,$config, - "DELETE FROM $config[sql_badusers_table] - WHERE id = '$row_id';"); - if (!$r) - echo "SQL Error:" . da_sql_error($link2,$config) . "
\n"; - @da_sql_close($link2,$config); - } - else - echo "SQL Error: Could not connect to SQL database: $server
\n"; - } - } - } - } - else - echo "Database query failed: " . da_sql_error($link,$config) . "
\n"; - @da_sql_close($link,$config); -} -else - echo "Could not connect to SQL database
\n"; -} - -echo <<
- - - - - -

- - -

- Unauthorized Service Usage History for $login -

- - -

-$prev_str up to $now_str -

- - -EOM; -?> - -

- - - - - -= '$prev_str' " . da_sql_limit($limit,1,$config) . - " ORDER BY incidentdate $order " . da_sql_limit($limit,2,$config) . " ;"); - if ($search){ - while( $row = @da_sql_fetch_array($search,$config) ){ - $num++; - $id = $row[id]; - $user = "$row[username]"; - $User = urlencode($user); - $date = "$row[incidentdate]"; - $reason = "$row[reason]"; - $admin = "$row[admin]"; - if ($admin == $auth_user || $admin == '-') - $action = ""; - else - $action = ""; - if ($admin == '') - $admin = '-'; - if ($reason == '') - $reason = '-'; - echo << - - - - - - $action - -EOM; - } - } - else - echo "Database query failed: " . da_sql_error($link,$config) . "
\n"; -} -else - echo "Could not connect to SQL database
\n"; -echo << - -
# user date admin reason administrator action
- $num $user $date $admin $reason
-
-
- - - - - - - - - - - - -EOM; -?> - - -
- - the from date matches any login after the 00:00 that day, - and the to date any login before the 23:59 that day. - the default values shown are the current week. -
user from date to date pagesize order
- - -
-

- - diff --git a/dialup_admin/htdocs/buttons.php b/dialup_admin/htdocs/buttons.php deleted file mode 100644 index 2d57c2c158f..00000000000 --- a/dialup_admin/htdocs/buttons.php +++ /dev/null @@ -1,15 +0,0 @@ - diff --git a/dialup_admin/htdocs/clear_opensessions.php b/dialup_admin/htdocs/clear_opensessions.php deleted file mode 100644 index 73955f5ee25..00000000000 --- a/dialup_admin/htdocs/clear_opensessions.php +++ /dev/null @@ -1,187 +0,0 @@ -Clear Open User Sessions for $login - - - - - -Could not include SQL library functions. Aborting - - -EOM; - exit(); -} - -echo << - -Clear Open User Sessions for $login - - - - - - - - - -

- - -EOM; - -include("../html/user_toolbar.html.php"); - -$open_sessions = 0; - -$sql_extra_query = ''; -if ($config[sql_accounting_extra_query] != ''){ - $sql_extra_query = xlat($config[sql_accounting_extra_query],$login,$config); - $sql_extra_query = da_sql_escape_string($sql_extra_query); -} - -print << - -
-

- - - - -

- - -

- Clear open sessions for $login -

- - -

-EOM; - -if ($drop_conns == 1){ - $method = 'snmp'; - $nastype = 'cisco'; - if ($config[general_sessionclear_method] != '') - $method = $config[general_sessionclear_method]; - if ($config[general_nas_type] != '') - $nastype = $config[general_nas_type]; - if ($config[general_ld_library_path] != '') - putenv("LD_LIBRARY_PATH=$config[general_ld_library_path]"); - $nas_by_ip = array(); - $meth_by_ip = array(); - $nastype_by_ip = array(); - foreach ($nas_list as $nas){ - if ($nas[ip] != ''){ - $ip = $nas[ip]; - $nas_by_ip[$ip] = $nas[community]; - $meth_by_ip[$ip] = $nas[sessionclear_method]; - $nastype_by_ip[$ip] = $nas[nas_type]; - } - } - - $link = @da_sql_pconnect($config); - if ($link){ - $search = @da_sql_query($link,$config, - "SELECT nasipaddress,acctsessionid FROM $config[sql_accounting_table] - WHERE username = '$login' AND acctstoptime IS NULL;"); - if ($search){ - while($row = @da_sql_fetch_array($search,$config)){ - $sessionid = $row[acctsessionid]; - $sessionid = hexdec($sessionid); - $nas = $row[nasipaddress]; - $port = $row[nasportid]; - $meth = $meth_by_ip[$nas]; - $nastype = ($nastype_by_ip[$nas] != '') ? $nastype_by_ip[$nas] : $nastype; - $comm = $nas_by_ip[$nas]; - if ($meth == '') - $meth = $method; - if ($meth == 'snmp' && $comm != '') - exec("$config[general_sessionclear_bin] $nas snmp $nastype $login $sessionid $comm"); - if ($meth == 'telnet') - exec("$config[general_sessionclear_bin] $nas telnet $nastype $login $sessionid $port"); - } - } - else - echo "Database query failed: " . da_sql_error($link,$config) . "
\n"; - } - else - echo "Could not connect to SQL database
\n"; -} -if ($clear_sessions == 1){ - $sql_servers = array(); - if ($config[sql_extra_servers] != '') - $sql_servers = explode(' ',$config[sql_extra_servers]); - $quer = '= 0'; - if ($config[sql_type] == 'pg') - $quer = 'IS NULL'; - $sql_servers[] = $config[sql_server]; - foreach ($sql_servers as $server){ - $link = @da_sql_host_connect($server,$config); - if ($link){ - $res = @da_sql_query($link,$config, - "DELETE FROM $config[sql_accounting_table] - WHERE username='$login' AND acctstoptime $quer $sql_extra_query;"); - if ($res) - echo "Deleted open sessions from accounting table on server $server
\n"; - else - echo "Error deleting open sessions for user" . da_sql_error($link,$config) . "
\n"; - } - else - echo "Could not connect to SQL database
\n"; - } - echo <<

- - -EOM; - exit(); -} -else{ - $link = @da_sql_pconnect($config); - if ($link){ - $search = @da_sql_query($link,$config, - "SELECT COUNT(*) AS counter FROM $config[sql_accounting_table] - WHERE username = '$login' AND acctstoptime IS NULL $sql_extra_query;"); - if ($search){ - if ($row = @da_sql_fetch_array($search,$config)) - $open_sessions = $row[counter]; - } - else - echo "Database query failed: " . da_sql_error($link,$config) . "
\n"; - } - else - echo "Could not connect to SQL database
\n"; -} -?> - -

- - diff --git a/dialup_admin/htdocs/content.html b/dialup_admin/htdocs/content.html deleted file mode 100644 index 8e27e249b16..00000000000 --- a/dialup_admin/htdocs/content.html +++ /dev/null @@ -1,12 +0,0 @@ - - - - - -

-

-A web based administration interface for the freeradius radius server -

- - - diff --git a/dialup_admin/htdocs/failed_logins.php b/dialup_admin/htdocs/failed_logins.php deleted file mode 100644 index 34ba2c01152..00000000000 --- a/dialup_admin/htdocs/failed_logins.php +++ /dev/null @@ -1,236 +0,0 @@ - - -Failed logins - - - - - -Could not include SQL library functions. Aborting - - -EOM; - exit(); -} - -$now = time(); -if (!isset($last)) - $last = ($config[general_most_recent_fl]) ? $config[general_most_recent_fl] : 5; -if (!is_numeric($last)) - $last = 5; -$start = $now - ($last*60); -$now_str = date($config[sql_full_date_format],$now); -$prev_str = date($config[sql_full_date_format],$start); - -$now_str = da_sql_escape_string($now_str); -$prev_str = da_sql_escape_string($prev_str); - -$pagesize = ($pagesize) ? $pagesize : 10; -if (!is_numeric($pagesize) && $pagesize != 'all') - $pagesize = 10; -$limit = ($pagesize == 'all') ? '' : "$pagesize"; -$selected[$pagesize] = 'selected'; -$order = ($order != '') ? $order : $config[general_accounting_info_order]; -if ($order != 'desc' && $order != 'asc') - $order = 'desc'; -$selected[$order] = 'selected'; -if ($callerid != ''){ - $callerid = da_sql_escape_string($callerid); - $callerid_str = "AND callingstationid = '$callerid'"; -} -if ($server != '' && $server != 'all'){ - $server = da_sql_escape_string($server); - $server_str = "AND nasipaddress = '$server'"; -} - -unset($da_name_cache); -if (isset($_SESSION['da_name_cache'])) - $da_name_cache = $_SESSION['da_name_cache']; - -?> - - -Failed Logins - - - - - - - - - -

- -

-
- - - - - -

- - -

- Failed Logins -

- - -

-$prev_str up to $now_str -EOM; -?> - -

- - - -" . $acct_attrs['fl'][2] . "\n"; -if ($acct_attrs['fl'][7] != '') echo "\n"; -if ($acct_attrs['fl'][8] != '') echo "\n"; -if ($acct_attrs['fl'][9] != '') echo "\n"; -unset($sql_extra_query); -if ($config[sql_accounting_extra_query] != ''){ - $sql_extra_query = xlat($config[sql_accounting_extra_query],$login,$config); - $sql_extra_query = da_sql_escape_string($sql_extra_query); -} -?> - - -= '$prev_str' - AND (acctterminatecause LIKE 'Login-Incorrect%' OR - acctterminatecause LIKE 'Invalid-User%' OR - acctterminatecause LIKE 'Multiple-Logins%') $callerid_str $server_str $sql_extra_query " . da_sql_limit($limit,1,$config) . - " ORDER BY acctstoptime $order " . da_sql_limit($limit,2,$config) . " ;"); - if ($search){ - while( $row = @da_sql_fetch_array($search,$config) ){ - $num++; - $acct_login = $row[username]; - if ($acct_login == '') - $acct_login = '-'; - else - $acct_login = "$acct_login"; - $acct_time = $row[acctstoptime]; - $acct_server = $row[nasipaddress]; - if ($acct_server != ''){ - $acct_server = $da_name_cache[$acct_server]; - if (!isset($acct_server)){ - $acct_server = $row[nasipaddress]; - $acct_server = @gethostbyaddr($acct_server); - if (!isset($da_name_cache) && $config[general_use_session] == 'yes'){ - $da_name_cache[$row[nasipaddress]] = $acct_server; - session_register('da_name_cache'); - } - else - $da_name_cache[$row[nasipaddress]] = $acct_server; - } - } - else - $acct_server = '-'; - $acct_server = "$acct_server:$row[nasportid]"; - $acct_terminate_cause = "$row[acctterminatecause]"; - if ($acct_terminate_cause == '') - $acct_terminate_cause = '-'; - $acct_callerid = "$row[callingstationid]"; - if ($acct_callerid == '') - $acct_callerid = '-'; - echo << - - -EOM; - if ($acct_attrs['fl'][2] != '') echo "\n"; - if ($acct_attrs['fl'][2] != '') echo "\n"; - if ($acct_attrs['fl'][2] != '') echo "\n"; - if ($acct_attrs['fl'][2] != '') echo "\n"; - echo "\n"; - } - } - else - echo "Database query failed: " . da_sql_error($link,$config) . "
\n"; -} -else - echo "Could not connect to SQL database
\n"; -echo << - -
# login " . $acct_attrs['fl'][7] . " " . $acct_attrs['fl'][8] . " " . $acct_attrs['fl'][9] . "
$num $acct_login $acct_time $acct_server $acct_terminate_cause $acct_callerid
-
-
-
- - - - - - - -EOM; -?> - - - -
time back (mins) pagesize caller id order
- - - -
-On Access Server: -
- -
-

- - diff --git a/dialup_admin/htdocs/find.php b/dialup_admin/htdocs/find.php deleted file mode 100644 index 2ce6565b359..00000000000 --- a/dialup_admin/htdocs/find.php +++ /dev/null @@ -1,144 +0,0 @@ - - - -Find User Page - - - - - - - - - -

- -

-
- - - - - -

- - -

- Find User Page -

- - -

- - - - - - -EOM; - foreach ($found_users as $user){ - if ($user == '') - $user = '-'; - $User = urlencode($user); - $num++; - $msg .= << - - - -EOM; - } - $msg .= "

#	user
$num	$user

\n"; - } - else - $msg = "No users found
\n"; -} -?> - - -$msg -EOM; -} -?> -

- - diff --git a/dialup_admin/htdocs/group_admin.php b/dialup_admin/htdocs/group_admin.php deleted file mode 100644 index 3414675a97d..00000000000 --- a/dialup_admin/htdocs/group_admin.php +++ /dev/null @@ -1,129 +0,0 @@ -Group Administration Page - - - - - -This page is only available if you are using sql as general library type - - -EOM; - exit(); -} - -unset($group_members); -if (is_file("../lib/$config[general_lib_type]/group_info.php")){ - include("../lib/$config[general_lib_type]/group_info.php"); - if ($group_exists == 'no'){ - echo <<Group Administration Page - - - - - -

-Group Name - - does not exist
- - - -EOM; - exit(); - } -} -?> - - - -Group Administration Page - - - - - - - - - -

- - - - -

-
- - - - - -

- - -

- Group Administration -

- - -

- - - - - - - - - - - - - - - - - -

-Group Members (Check to Delete) -	- -
-New Group Member(s) Separate group members by whitespace or newline -	- -

-
- -

- - -

- - diff --git a/dialup_admin/htdocs/group_new.php b/dialup_admin/htdocs/group_new.php deleted file mode 100644 index b870341c143..00000000000 --- a/dialup_admin/htdocs/group_new.php +++ /dev/null @@ -1,173 +0,0 @@ -New group creation page - - - - - -This page is only available if you are using sql as general library type - - -EOM; - exit(); -} - -require('../lib/attrshow.php'); -require('../lib/defaults.php'); -require("../lib/$config[general_lib_type]/group_info.php"); - -if ($config[general_lib_type] == 'sql' && $config[sql_use_operators] == 'true'){ - $colspan=2; - $show_ops=1; -}else{ - $show_ops = 0; - $colspan=1; -} - -?> - - - -New group creation page - - - - - - - - - -

- -
- - - - - -

- - -

- Preferences for new group -

- - -

- -The group $login already exists in the group database -EOM; - } - else{ - if (is_file("../lib/$config[general_lib_type]/create_group.php")) - include("../lib/$config[general_lib_type]/create_group.php"); - if (is_file("../lib/$config[general_lib_type]/group_info.php")) - include("../lib/$config[general_lib_type]/group_info.php"); - } -} -?> - -

- - diff --git a/dialup_admin/htdocs/help/auth_type_help.html b/dialup_admin/htdocs/help/auth_type_help.html deleted file mode 100644 index c3a16600064..00000000000 --- a/dialup_admin/htdocs/help/auth_type_help.html +++ /dev/null @@ -1,44 +0,0 @@ - - -Auth-Type Help Page - - - - - - - - - -

- - -

Auth-Type Help Page

- - - - -

-
- -

-Value: String
-

-The Auth-Type attribute describes which authentication module to call.
-Standard values from a default FreeRADIUS setup my be:
-

-PAP
-CHAP
-MSCHAP
-PAM
-UNIX
-LADP
-EAP
-

access statistics