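#!/bin/bash
#
# NAS event handlers for a MikroTik router.
#
# Every user_* / rad_* function pushes one subscriber state change to the
# router at $nas_ip, through send_mikrotik_cmd (defined outside this file),
# ssh or radclient. The handlers take their parameters (ip, ipv6, auth_type,
# ceil_in, burst_*, ...) from shell variables set by the caller; main() loads
# them from /usr/local/bin/user_env and ./main.ini.
#
# main() expects: <ip> <event>, and runs the user_<event> handler.
#
# NOTE(review): send_cmd turns on `set -x` and main() tees stderr into the
# per-subscriber log, so every traced command line, including
# $telnet_password and the RADIUS secret, is written to rtsh_<user_id>.log.
# Keep /var/log/abonents readable by the billing service only, or stop
# passing secrets as command arguments.
#
# NOTE(review): IPv6 commands are sent even when $ipv6 is empty (only
# user_rate_set checks it); confirm the router-side errors are acceptable.

# Fall back to the inbound ceiling when no outbound ceiling was supplied.
ceil_out=${ceil_out:-$ceil_in}

# Rejects subscribers whose address is the 0.0.0.0 placeholder.
# Returns 1 (after logging through the external `log` helper) in that case.
user_event_before() {
  if [[ "$ip" == "0.0.0.0" ]]; then
    log WARNING: "abonent_id:$abonent_id" "user_id:$user_id" has "$ip" ip
    return 1
  fi
}

# Puts the subscriber's IPv4 address on crb_auth_list (auth_type 1 only).
user_add() {
  if [[ "$auth_type" == "1" ]]; then
    # Repeat the removal until it fails, i.e. until no entry with this
    # comment is left (presumably clears duplicates; -s is defined by
    # send_mikrotik_cmd).
    while send_mikrotik_cmd -s "$nas_ip" "$telnet_login" "$telnet_password" \
      /ip firewall address-list remove "numbers=${ip}_crb_auth"; do
      :
    done
    send_mikrotik_cmd "$nas_ip" "$telnet_login" "$telnet_password" \
      /ip firewall address-list add list=crb_auth_list \
      "address=$ip" "comment=${ip}_crb_auth"
  fi
}

# Lifts a block: removes the *_crb_blocked entries for IPv4 and IPv6.
user_accept() {
  while send_mikrotik_cmd -s "$nas_ip" "$telnet_login" "$telnet_password" \
    /ip firewall address-list remove "numbers=${ip}_crb_blocked"; do
    :
  done
  send_mikrotik_cmd "$nas_ip" "$telnet_login" "$telnet_password" \
    /ipv6 firewall address-list remove "numbers=${ipv6}_crb_blocked"
}

# Blocks the subscriber: adds IPv4 and IPv6 addresses to crb_blocked_list.
user_drop() {
  send_mikrotik_cmd "$nas_ip" "$telnet_login" "$telnet_password" \
    /ip firewall address-list add list=crb_blocked_list \
    "address=$ip" "comment=${ip}_crb_blocked"
  send_mikrotik_cmd "$nas_ip" "$telnet_login" "$telnet_password" \
    /ipv6 firewall address-list add list=crb_blocked_list \
    "address=$ipv6" "comment=${ipv6}_crb_blocked"
}

# Marks the subscriber as negative-balance (redirect).
user_redirect() {
  send_mikrotik_cmd "$nas_ip" "$telnet_login" "$telnet_password" \
    /ip firewall address-list add list=crb_negbal_list \
    "address=$ip" "comment=${ip}_crb_negbal"
  # NOTE(review): the IPv6 entry goes to crb_blocked_list while its comment
  # says crb_negbal and the IPv4 entry uses crb_negbal_list. Confirm whether
  # this is deliberate (no IPv6 redirect list) or a copy/paste slip.
  send_mikrotik_cmd "$nas_ip" "$telnet_login" "$telnet_password" \
    /ipv6 firewall address-list add list=crb_blocked_list \
    "address=$ipv6" "comment=${ipv6}_crb_negbal"
}

# Cancels the negative-balance redirect for IPv4 and IPv6.
user_redirect_cancel() {
  while send_mikrotik_cmd -s "$nas_ip" "$telnet_login" "$telnet_password" \
    /ip firewall address-list remove "numbers=${ip}_crb_negbal"; do
    :
  done
  send_mikrotik_cmd "$nas_ip" "$telnet_login" "$telnet_password" \
    /ipv6 firewall address-list remove "numbers=${ipv6}_crb_negbal"
}

# Adds the session's IPv6 address to crb_auth_list.
rad_acc_start() {
  send_mikrotik_cmd "$nas_ip" "$telnet_login" "$telnet_password" \
    /ipv6 firewall address-list add "address=$ipv6" \
    "comment=${ipv6}_crb_auth" list=crb_auth_list
}

# Removes the session's IPv6 address from crb_auth_list.
rad_acc_stop() {
  send_mikrotik_cmd "$nas_ip" "$telnet_login" "$telnet_password" \
    /ipv6 firewall address-list remove "numbers=${ipv6}_crb_auth"
}

# Recreates the simple queue crb_<ip> with the current rate limits.
# Reads: ip, ipv6, ceil_in, ceil_out, burst_in, burst_out, burst_threshold,
#        burst_time.
# Returns: status of the final `queue simple add`.
user_rate_set() {
  local crb_queue_target
  local -a crb_burst_opts

  # First remove the queue of the old service, then add the new one.
  while send_mikrotik_cmd -s "$nas_ip" "$telnet_login" "$telnet_password" \
    /queue simple remove "numbers=crb_${ip}"; do
    :
  done

  if [[ -z "${burst_in}${burst_out}${burst_threshold}${burst_time}" ]]; then
    # No burst parameter at all: burst is switched off explicitly.
    crb_burst_opts=(burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s)
  else
    # The IPv4-only branch used to reference ${burstout}, an unset name, and
    # so sent "burst-limit=<in>K/K"; both address cases now use burst_out.
    # NOTE(review): max-limit is given as out/in but burst-limit as in/out;
    # confirm the intended direction order.
    crb_burst_opts=(
      "burst-limit=${burst_in}K/${burst_out}K"
      "burst-threshold=${burst_threshold}/${burst_threshold}"
      "burst-time=${burst_time}s/${burst_time}s"
    )
  fi

  # One queue covers both address families when an IPv6 address is known.
  crb_queue_target="${ip}/32"
  if [[ -n "$ipv6" ]]; then
    crb_queue_target+=",${ipv6}"
  fi

  send_mikrotik_cmd "$nas_ip" "$telnet_login" "$telnet_password" \
    /queue simple add "name=crb_${ip}" "target=${crb_queue_target}" \
    parent=none priority=8/8 queue=default-small/default-small limit-at=0/0 \
    "max-limit=${ceil_out}K/${ceil_in}K" "${crb_burst_opts[@]}"
}

# Terminates an active session (auth_type 0 or 6 only): by session id over
# ssh when one is known, otherwise with a RADIUS disconnect request.
user_disconnect() {
  if [[ "$auth_type" == "0" || "$auth_type" == "6" ]]; then
    if [[ -n "$acct_session_id" ]]; then
      # The password is handed to sshpass through SSHPASS (-e) so that it is
      # not part of the sshpass argument list.
      SSHPASS="$telnet_password" sshpass -e ssh "${telnet_login}@${nas_ip}" \
        "/ppp active remove [find session-id=0x${acct_session_id}]"
    else
      # NOTE(review): this uses $radius_secret while user_del uses $coa_psw
      # for the same disconnect request; confirm which one is correct.
      printf 'User-Name="%s"\n' "$login" \
        | radclient -x "${nas_ip}:${coa_port}" disconnect "$radius_secret"
    fi
  fi
}

# Removes everything this script created for the subscriber on the router.
# Returns: status of the final `queue simple remove`.
user_del() {
  local crb_list_tag

  if [[ "$auth_type" == "0" || "$auth_type" == "6" ]]; then
    # The router command text ("address =", with the space) is unchanged.
    SSHPASS="$telnet_password" sshpass -e ssh "${telnet_login}@${nas_ip}" \
      "/ip firewall address-list remove numbers=[find address =${ip}]"
    SSHPASS="$telnet_password" sshpass -e ssh "${telnet_login}@${nas_ip}" \
      "/ipv6 firewall address-list remove numbers=[find address =${ipv6}]"
    printf 'User-Name="%s"\n' "$login" \
      | radclient -x "${nas_ip}:${coa_port}" disconnect "$coa_psw"
  else
    for crb_list_tag in auth negbal blocked; do
      while send_mikrotik_cmd -s "$nas_ip" "$telnet_login" "$telnet_password" \
        /ip firewall address-list remove "numbers=${ip}_crb_${crb_list_tag}"; do
        :
      done
    done
  fi

  while send_mikrotik_cmd -s "$nas_ip" "$telnet_login" "$telnet_password" \
    /queue simple remove "numbers=crb_${ip}"; do
    :
  done
  # NOTE(review): user_rate_set only ever creates crb_${ip}; verify that a
  # queue named crb_${ipv6} can exist at all.
  send_mikrotik_cmd "$nas_ip" "$telnet_login" "$telnet_password" \
    /queue simple remove "numbers=crb_${ipv6}"
}

# Dumps the three address lists from the router into $SYNCDIR/*.nas.
# A dump whose command failed is deleted rather than left half-written.
# Tracing is switched off for the dump and switched ON afterwards,
# whatever its previous state was.
users_from_nas() {
  local crb_list_kind

  set +x
  for crb_list_kind in blocked negbal auth; do
    # The query word is quoted: an unquoted leading "?" is a glob character.
    send_mikrotik_cmd -s "$nas_ip" "$telnet_login" "$telnet_password" \
      /ip firewall address-list print .proplist=address \
      "?list=crb_${crb_list_kind}_list" \
      > "$SYNCDIR/${crb_list_kind}_list.nas" \
      || rm -f -- "$SYNCDIR/${crb_list_kind}_list.nas"
  done
  set -x
}

# Looks up the subscriber's ARP entry and stores the MAC address in
# /tmp/nas_event_daemon/<nas_ip>/user_get_mac/<user_id>.
# Sets the global `mac` (as the original did); no other variable is touched.
user_get_mac() {
  # Not called TMPDIR any more, so the conventional TMPDIR variable is not
  # shadowed while the helper runs.
  local crb_mac_dir="/tmp/nas_event_daemon/$nas_ip/user_get_mac"

  mkdir -p "$crb_mac_dir/"
  # Only the third field is kept. The original read the first field into the
  # global $ip, which overwrote the subscriber address for every later
  # handler in the same shell.
  read -r _ _ mac _ <<< "$(send_mikrotik_cmd "$nas_ip" "$telnet_login" \
    "$telnet_password" /ip arp print \
    .proplist=address,mac-address,interface "?address=${ip}")"
  echo "$mac" > "${crb_mac_dir}/${user_id}"
  # NOTE(review): a fixed, world-writable tree under /tmp lets any local
  # account replace these files, or create the path first so that this
  # recursive chmod lands on a directory of its choosing. Prefer a directory
  # owned by the service (for example under /var/lib or /run) with group
  # access for the reader, and drop the 777.
  chmod 777 -R /tmp/nas_event_daemon/
}

# Renders the output of <handlers>/<script>.d/user_info into
# /tmp/<user_id>_user_info, wrapped in <pre>, owned by apache; prints it
# unless running as the daemon.
user_info() {
  local crb_info_file="/tmp/${user_id}_user_info"
  local crb_info_staging

  # The staging file comes from mktemp instead of a fixed "<name>.new": a
  # predictable name in /tmp can be pre-created (e.g. as a symlink) by
  # another local account before this redirect opens it.
  crb_info_staging=$(mktemp "${crb_info_file}.XXXXXX") || return 1
  {
    echo '<pre>'
    "$EVENT_HANDLERS_DIR/${NAS_SCRIPT_NAME%.sh}.d/user_info" \
      "$nas_ip" "$telnet_login" "$telnet_password" "$ip" || true
    echo '</pre>'
  } > "$crb_info_staging"
  # mktemp creates 0600; 0644 is what the old plain redirect produced under
  # a umask of 022. NOTE(review): tighten if only apache needs to read it.
  chmod 0644 "$crb_info_staging"
  chown apache:apache "$crb_info_staging"
  mv -f "$crb_info_staging" "$crb_info_file"
  [ "${is_daemon:--}" != 1 ] && cat "$crb_info_file"
}

# Hook point after an event; intentionally empty here.
user_event_after() { :; }

# Dispatches one event: $1 is the subscriber IP, $2 the event name.
# Returns 127 when user_<event> is not a function known to this shell.
send_cmd() {
  ip=$1
  cmd="user_${2}"
  EVENT_HANDLERS_DIR=./bin/
  NAS_SCRIPT_NAME=session

  # The event name arrives on the command line. Only functions defined here
  # (or by the hook file) may be dispatched; the name is never word-split and
  # never resolved against $PATH.
  if ! declare -F "$cmd" > /dev/null; then
    printf 'unknown event handler: %s\n' "$cmd" >&2
    return 127
  fi

  set -x
  echo "env $env_str"
  "$cmd"
  set +x
}

# Entry point: loads the subscriber environment, then runs the requested
# handler with its trace appended to the subscriber's log file.
main() {
  # $ip is left unquoted on purpose: when it is empty, `.` receives no extra
  # argument and user_env sees main's own positional parameters instead.
  # shellcheck disable=SC2086
  . /usr/local/bin/user_env $ip
  . ./main.ini
  abonent_log_dir="/var/log/abonents/${abonent_id}/"
  mkdir -p "$abonent_log_dir"
  # bash expands PS4 again each time it prints a trace line. The arguments
  # and environment values are therefore referenced by name (single quotes)
  # rather than pasted into the prompt text, where any "$(...)" they contain
  # would be evaluated.
  rtsh_session_args="$*"
  rtsh_session_pid=$$
  PS4=' \D{%Y-%m-%d %T} ssh ${SSH_CLIENT%% *} $HOSTNAME rtsh session ${rtsh_session_args}[${rtsh_session_pid}]: '
  echo '' >> "${abonent_log_dir}/rtsh_${user_id}.log"
  send_cmd "$@" 2>&1 | tee -a "${abonent_log_dir}/rtsh_${user_id}.log"
}

### All functions must be defined before ubin_session is sourced.
# The hook path is this script's path with every "bin" replaced by "ubin",
# plus ".hook". It is sourced with this script's privileges, so it must be
# writable by the same owner only.
bin_session=$BASH_SOURCE
ubin_session="${bin_session//bin/ubin}.hook"
[ -f "$ubin_session" ] && source "${ubin_session}"

# Temporary for now.
if [ "${is_daemon:--}" != 1 ]; then
  main "$@"
fi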